Sunday, November 6, 2016

OAM 11g R2 Social Lab

Task 1 - Mobile Lab
Task 2 - Configure User Profile Service Provider
Task 3 - Configure Social Login with Google
Task 4 - Configure OAM Domain to use Mobile and Social Login
Task 5 - Test Social Login

Task 1 - Mobile Lab

Task 2 - Configure User Profile Service Provider

Go to OAM Console -> System Configuration -> Mobile and Social
Double Click Mobile Services
Click Create under the Service Providers
"Create User Profile Service Provider"

Name : OUDUserProfile
Description : OUD User Profile Service Provider
Attributes Section
Add the following new attributes:
proxyAuth = false
accessControl = false
adminGroup = cn=Administrators,ou=groups,ou=myrealm
selfEdit = true

Under "Identity Directory Service" section
Select "Create New" Radio button
Name : OUDDirectoryService
Description : OUD Directory
Under Repository : Select "Create New" Radio Button
Name : OUDRepository
Directory Type : Oracle Unified Directory
Host Information
Host Name : oam.example.com
Port : 1389
Bind DN = cn=Directory Manager
Bind Password : password
Base DN = dc=example,dc=com
Object Classes = inetorgperson
User Base DN = ou=people,dc=example,dc=com
Group Object Classes = groupofuniquenames
Group Base DN = ou=groups,dc=example,dc=com
Click Create

Double click "Mobile Services" -> Service Profiles -> Click "Create" -> "Create User Profile Service"

The other options are "Create Authentication Service" and "Create Authorization Service" (not used here)

User Profile Service
Name : OUDUserProfile
Description : OUD User Profile
Service Type : User Profile Service
Service Endpoint : http(s)://host:port/oic_rest/rest/OUD
Service Provider : OUDUserProfile
Service Enabled : check

For Users, http(s)://host:port/oic_rest/rest/OUD/people
For Groups, http(s)://host:port/oic_rest/rest/OUD/groups

Now go to "Internet Identity Services" -> "Application Profiles" -> OAMApplication

Note: This prebuilt application profile (named OAMApplication) can be used directly, or used as a template to build other application profiles.
The name of this entry must be the same as the name of the OAM Application Domain that you wish to enable social login for; the relationship is 1-to-1.
Instead of creating a new entry matching the OAM Application Domain, we will rename the OAM Application Domain to match this default entry (see Task 4).

In the "User Profile Service Endpoint" dropdown, select the OUD User Profile Service just created

OAMApplication
Login Type :
Local Authentication and Internet Identity Provider Authentication (check)
Internet Identity Provider Authentication only (uncheck)

Enable Browser Popup : Yes (check)
User Registration : Enabled (check)
Registration URL : https://oam:14101/oic_rp/register.jsp
UserID Attribute : mail
User Profile Service Endpoint : /OUDUserProfile
Authentication Service Endpoint : /oamauthentication
Application Profile Properties
colocated.oam = true


Now go to Policy Configuration -> Authentication Schemes -> TAPScheme

Add MatchLDAPAttribute=uid to the Challenge Parameters

Task 3 - Configure Social Login with Google

System Configuration -> OAMApplication -> Shared Secret : password

Scroll down to the bottom, to the "Application User Attribute Vs Internet Identity Provider User Attributes Mapping" section
-> Internet Identity Provider
Facebook (uncheck)
Twitter (uncheck)
LinkedIn (uncheck)
Google (check)
Yahoo (uncheck)

Task 4 - Configure OAM Domain to use Mobile and Social Login

OAM needs to be configured to use M&S (Mobile and Social) Social Authentication

Go to OAM Console -> Application Domains -> webgate11g_1
Rename the Application Domain from webgate11g_1 to "OAMApplication"
Apply

Go to "Authentication Policies"-> Protected Resource Policy
Change the Authentication Scheme to : OICScheme

Task 5 - Test Social Login

Make sure that System Configuration -> Access Manager -> Access Manager Settings has:
Host : oam
Port : 14101
Protocol : https

Try to access http://ohs-host:7777/welcome-index.html

You get a login screen with 2 options:
1. Sign in With Local Account
2. Sign in With Other Account : Google

Choose Google

Provide a valid Google ID and password

The next screen will ask you to authorize the release of your email address and locale to OAM
Uncheck "Remember this approval"

Click Allow

After successful social authentication you are taken to Local Account Registration, which carries forward the details from Google to ease registration

Enter a password and confirm it. This password is independent from Google's

Click Register

Email ID : Google's
Last Name : Google's
Common Name : Provide
First Name : Google's
Login ID : Google's
Password : Provide
Confirm Password : Provide
Display Name : Provide

You now get access to the protected resource

Next step: close the browser and access the resource again.
This time, sign in with the local account you just created

User Name : Google's email ID
Password : the password you gave on the registration screen
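As an added check that is not part of these lab notes, the POSIX shell script below uses OpenLDAP's ldapsearch and ldapwhoami against the OUD repository settings from Task 2 to confirm that the account registered in Task 5 actually exists under the User Base DN (found by uid or mail, since TAPScheme matches on uid while the application profile uses mail), and that the local password works for an LDAP bind independently of Google. The OUD_* variable names, the helper function names and the sample e-mail are assumptions; the defaults are the lab values from Task 2.

```shell
#!/bin/sh
# Verify the local account created by OAM Mobile and Social registration (added check, not Oracle's code).
# Defaults are the lab values from the OUD repository screen; override them via the environment.
: "${OUD_HOST:=oam.example.com}"
: "${OUD_PORT:=1389}"                        # plain LDAP in the lab; use ldaps:// or -ZZ outside it
: "${BIND_DN:=cn=Directory Manager}"
: "${BIND_PW:=password}"                     # lab value; read it from a secret store in real use
: "${USER_BASE:=ou=people,dc=example,dc=com}"
LDAP_URL="ldap://$OUD_HOST:$OUD_PORT"

# RFC 4515 escaping for a value placed inside a search filter. The e-mail comes from the
# identity provider, so never splice it into a filter unescaped.
ldap_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Filter that finds the registered entry either way OAM may look it up:
# uid (TAPScheme MatchLDAPAttribute=uid) or mail (application profile UserID Attribute).
user_filter() {
  esc=$(ldap_escape "$1")
  printf '(&(objectClass=inetorgperson)(|(uid=%s)(mail=%s)))' "$esc" "$esc"
}

# $1 = Google e-mail used at registration, $2 = local password typed on the registration screen
verify_registered_user() {
  filter=$(user_filter "$1")
  echo "Looking up $1 under $USER_BASE"
  ldapsearch -LLL -x -H "$LDAP_URL" -D "$BIND_DN" -w "$BIND_PW" \
    -b "$USER_BASE" -s sub "$filter" dn uid mail objectClass || return 1
  user_dn=$(ldapsearch -LLL -x -H "$LDAP_URL" -D "$BIND_DN" -w "$BIND_PW" \
    -b "$USER_BASE" -s sub "$filter" dn | sed -n 's/^dn: //p' | head -n 1)
  if [ -z "$user_dn" ]; then
    echo "no entry matched: registration did not create the local account" >&2
    return 1
  fi
  # The registration password is independent of Google's: prove it by binding as the new entry.
  # ldapwhoami prints the bound identity on success and fails on a wrong password.
  ldapwhoami -x -H "$LDAP_URL" -D "$user_dn" -w "$2"
}

# Only contacts OUD when asked, e.g.: VERIFY_NOW=1 sh verify_oam_social.sh jane@example.com 'LocalPw1'
if [ "${VERIFY_NOW:-0}" = 1 ]; then
  verify_registered_user "${1:?google e-mail}" "${2:?local password}"
fi
```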