Task 1 - Mobile Lab
Task 2 - Configure User Profile Service Provider
Task 3 - Configure Social Login with Google
Task 4 - Configure OAM Domain to use Mobile and Social Login
Task 5 - Test Social Login
Task 1 - Mobile Lab
Go to OAM Console -> System Configuration -> Mobile and Social
Double Click Mobile Services
Click Create under the Service Providers
"Create User Profile Service Provider"
Name : OUDUserProfile
Description : OUD User Profile Service Provider
Attributes Section
add a new attribute
proxyAuth : value = false
accessControl = false
adminGroup = cn=Administrators,ou=groups,ou=myrealm
selfEdit = true
Under "Identity Directory Service" section
Select "Create New" Radio button
Name : OUDDirectoryService
Description : OUD Directory
Under Repository : Select "Create New" Radio Button
Name : OUDRepository
Directory Type : Oracle Unified Directory
Host Information
Host Name : oam.example.com
Port : 1389
Bind DN = cn=Directory Manager
Bind Password : password
Base DN = dc=example,dc=com
Object Classes = inetorgperson
User Base DN = ou=people,dc=example,dc=com
Group Object Classes = groupofuniquenames
Base DN = ou=groups,dc=example,dc=com
Click Create
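The distinguished names entered in the repository form above must agree with each other: the user and group base DNs have to sit under the Base DN. The following Python check is an added example, not part of the original lab or of any Oracle tooling; the dictionary keys, the sample forms (constructed from the lab values) and the simplified DN handling (no escaped commas, no multi-valued RDNs) are assumptions.

```python
# Added example: consistency check for the repository form values.
# Simplified DN handling (assumption): no escaped commas or multi-valued RDNs.

def normalize_dn(dn):
    """Return the DN as a list of lower-cased, whitespace-trimmed RDNs."""
    rdns = []
    for rdn in dn.split(","):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {rdn!r}")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return rdns

def is_under(dn, base_dn):
    """True when dn is base_dn itself or an entry below it."""
    d, b = normalize_dn(dn), normalize_dn(base_dn)
    return len(d) >= len(b) and d[-len(b):] == b

def has_stray_whitespace(dn):
    """True when a space sits directly next to '=' or ',' in the DN."""
    return any(part != part.strip()
               for rdn in dn.split(",") for part in rdn.split("=", 1))

def check_repository(form):
    """Return a list of findings for the form; an empty list means consistent."""
    problems = []
    for field in ("Bind DN", "Base DN", "User Base DN", "Group Base DN"):
        if has_stray_whitespace(form[field]):
            problems.append(f"{field}: whitespace next to '=' or ','")
    for field in ("User Base DN", "Group Base DN"):
        try:
            if not is_under(form[field], form["Base DN"]):
                problems.append(f"{field}: not under Base DN")
        except ValueError as exc:
            problems.append(f"{field}: {exc}")
    return problems

# Constructed sample forms; the key names are hypothetical labels for the form fields.
GOOD = {"Bind DN": "cn=Directory Manager",
        "Base DN": "dc=example,dc=com",
        "User Base DN": "ou=people,dc=example,dc=com",
        "Group Base DN": "ou=groups,dc=example,dc=com"}
# Same form with two deliberate typing slips.
BAD = dict(GOOD, **{"Bind DN": "cn= Directory Manager",
                    "User Base DN": "ou=people,dc=xample,dc=com"})

if __name__ == "__main__":
    for name, form in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_repository(form) or "consistent")
```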
Double click "Mobile Services" -> Service Profiles -> Click "Create" -> "Create User Profile Service"
The other options, "Create Authentication Service" and "Create Authorization Service", are not used in this lab
User Profile Service
Name : OUDUserProfile
Description : OUD User Profile
Service Type : User Profile Service
Service Endpoint : http(s)://host:port/oic_rest/rest/OUD
Service Provider : OUDUserProfile
Service Enabled : check
For Users, http(s)://host:port/oic_rest/rest/OUD/people
For Groups, http(s)://host:port/oic_rest/rest/OUD/groups
Now go to "Internet Identity Services" -> "Application Profiles" -> OAMApplication
Note: This prebuilt application profile (named OAMApplication) can be used directly, or used as a template to build other application profiles.
The name of this entry must be the same as the name of the OAM application profile that you wish to enable social login for.
This is a 1-to-1 relationship
Instead of creating a new entry matching the OAM Application Domain, we will rename the OAM Application Domain to match this default entry
In the "User Profile Service Endpoint" dropdown
select the OUD User Profile Service just created
OAMApplication
Login Type :
Local Authentication and Internet Identity Provider Authentication (check)
Internet Identity Provider Authentication only (uncheck)
Enable Browser Popup : Yes (check)
User Registration : Enabled (check)
Registration URL : https://oam:14101/oic_rp/register.jsp
UserID Attribute : mail
User Profile Service Endpoint : /OUDUserProfile
Authentication Service Endpoint : /oamauthentication
Application Profile Properties
colocated.oam = true
Now go to Policy Configuration -> Authentication Schemes -> TAPScheme
Set MatchLDAPAttribute=uid in Challenge Parameters
Task 3 - Configure Social Login with Google
System Configuration -> OAMApplication -> Shared Secret (password)
Scroll down to bottom
Application User Attribute Vs Internet Identity Provider User Attributes Mapping
-> Internet Identity Provider
Facebook (uncheck)
Twitter (uncheck)
LinkedIn (uncheck)
Google (check)
Yahoo (uncheck)
Task 4 - Configure OAM Domain to use Mobile and Social Login
OAM needs to be configured to use M&S Social Authentication
Go to OAM Console -> Application Domains -> webgate11g_1
Rename the Application Domain name from webgate11g_1 to "OAMApplication"
Apply
Go to "Authentication Policies"-> Protected Resource Policy
Change the Authentication Scheme to : OICScheme
Task 5 - Test Social Login
Make sure System Configuration -> Access Manager -> Access Manager Settings has the following values
Host : oam
Port : 14101
Protocol : https
Try to access http://ohs-host:7777/welcome-index.html
You get a login screen
2 options
1. Sign in With Local Account
2. Sign in With Other Account : Google
Choose Google
Provide a valid google id and password
Next screen will ask you to authorize the release of your email address and locale to OAM
Uncheck "Remember this approval"
Click Allow
After successful social authentication
you are presented with the Local Account Registration form, which carries forward details from Google to ease registration
Enter a password and confirm it. This password is independent of Google
Click Register
Email ID : Google's
Last Name : Google's
Common Name : Provide
First Name : Google's
Login ID : Google's
Password : Provide
Confirm Password :
Display Name : Provide
You now get access to the protected resource
Next step: close the browser and access the resource again
This time, sign in with the local account you just created
User Name : Google's email ID
Password : Password you gave in last screen