OAM Mobile and Social for Google AuthN Provider
:: Steps Outlined ::
=====================================================================
1. Enabling Social Identity Provider Service
2. Configure Identity Directory Service (IDS) Profile
3. Configure User Profile Service Provider and User Profile Service
4. Configure Social Login with Google
5. Configure OAM Domain to use Mobile and Social Login
6. Testing Social Login with Google
:: Detailed Steps ::
=====================================================================
1. Open a browser, go to http://abc.mycompany.com:7001/oamconsole, click the Configuration tab and then click Available Services.
2. Scroll down to the Mobile section. If the Mobile and Social service is Disabled, click Enable Service.
3. Open a browser, go to http://abc.mycompany.com:7001/oamconsole, click the Configuration tab and from the Launch Pad click User Identity Stores.
4. Scroll down to the Identity Directory Services section, click Create from IDS Profiles and create the IDS profile.
A] Configure User Profile Service Provider and User Profile Service:
1. Click the Mobile Security tab and from the Launch Pad click Mobile and Social Services.
2. In the Service Providers section, click Create and select Create User Profile Service Provider.
3. Enter OUD User Profile SP as the Name, scroll down and select OUDStoreIDSProfile as the Identity Directory Service, then click Create.
4. In the Service Profiles section, click Create and select Create User Profile Service.
5. Enter OUD User Profile as the Name. For Service Endpoint, enter OUD. For Service Provider, select OUD User Profile SP. Tick the Service Enabled checkbox and click Create.
B] Configure Social Login with Google:
1. Go to the Google Developer Console at https://console.developers.google.com and sign in with your Google credentials (if the URL doesn't work, search for Google Developer Console).
2. Click the Select a project dropdown and click Create a project.
3. Give it a name and click Create.
4. Once it is created you will be redirected to the project's Dashboard within a few seconds. Click Use Google APIs to create credentials for OAuth.
5. Click Credentials on the left, click New Credentials and select OAuth Client ID.
6. You will first be asked to set a product name on the consent screen. Click Configure consent screen.
7. For Product Name, enter something like OAM Social Login and click Save.
8. Select Web application as the Application type and, for Authorized redirect URIs, enter http://abc.mycompany.com:14100/oic_rp/popup. Click Create.
9. You will be given an OAuth Client ID and Client Secret. Make a note of both; you will need them in the next steps.
10. You can now exit the Google Developer Console.
11. Enter the URL http://abc.mycompany.com:7001/oamconsole to open the Access Management Console.
12. Click the Federation tab and from the Launch Pad click Social Identity.
13. In the Social Identity Providers section, select Google and click Edit.
14. Provide the Consumer Key (the Client ID) and Consumer Secret (the Client Secret) generated in the Google Console, click Apply and close the tab.
15. Back in the Social Identity section, scroll down to Application Profiles, select OAMApplication and click Edit. OAMApplication is a prebuilt application profile and can be used directly, or used as a template to build other application profiles.
The name of this entry must be the same as the name of the OAM Application Domain that you wish to enable social login for. At this time, this is a one-to-one relationship.
For our exercise, rather than creating a new Application Domain entry matching the OAM Application Profile, we will rename the webgate_1 Application Domain to match this default entry.
16.Enter Oracle123 for Shared Secret.
17. In the Application Profile Properties section, make sure Login Type is Local Authentication and Social Identity Provider Authentication, Enable Browser Popup is Yes and User Registration is Enabled. Select /OUD as the User Profile Service Endpoint.
18. Scroll down to Application User Attribute and Social Identity Provider User Attributes Mapping. Select Google as the Social Identity Provider. You will find predefined attributes listed there; delete all the entries and create a new mapping of Application and Social Identity Provider User Attributes as shown in the screen print below.
19. Go to the WebLogic console to modify the OAM managed server's SSL settings. Click the SSL tab and then expand the Advanced link at the bottom of the page. Change Hostname Verification from 'BEA Hostname Verifier' to 'Custom Hostname Verifier' and in the next box set the Custom Hostname Verifier value to 'weblogic.security.utils.SSLWLSWildcardHostnameVerifier'.
At the very bottom of the page, tick the 'Use JSSE SSL' checkbox. Save the changes and then restart the OAM managed server.
C] Configure OAM Domain to use Mobile and Social Login:
1. In /oamconsole, click the Application Security tab and from Access Manager click Application Domains.
2. Rename your webgate_1 application domain to OAMApplication and click Apply.
3. Open the OAMApplication application domain -> AuthN Policies -> Protected Resource Policy -> change the AuthN Scheme to OICScheme.
Important Step:
You must be able to connect to the internet from the VM where OAM is running. Open a browser inside the VM and access www.google.com to verify. NOTE: If your VM is running in "Host Only" mode, change your VirtualBox VM network settings to bridged or NAT mode, and afterwards update the OAM VM's /etc/hosts file with the new IP address accordingly.
Additional configuration is needed for Facebook, Twitter and Yahoo. Please contact me if you run into any issues!
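A pre-flight script for the Important Step above, added here as an example and not part of the original guide. It assumes a Linux VM (hostname -I, curl), takes abc.mycompany.com from the guide as the OAM hostname, and embeds a constructed sample hosts file so the /etc/hosts check can be exercised offline:

```shell
#!/bin/sh
# Added pre-flight check for the "Important Step" above (not part of the original
# guide): confirms the OAM VM's /etc/hosts entry still matches one of the VM's
# current IPs (bridged/NAT mode assigns a new one) and that Google's HTTPS
# endpoints are reachable. OAM_HOST defaults to the guide's example hostname.
OAM_HOST="${OAM_HOST:-abc.mycompany.com}"
HOSTS_FILE="${HOSTS_FILE:-/etc/hosts}"

# Print the IP a hosts file maps a hostname to (first match, comments skipped,
# the name must match a whole field so aliases and similar names are safe).
hosts_ip_for() {   # $1 = hosts file, $2 = hostname
    awk -v h="$2" '!/^[ \t]*#/ {
        for (i = 2; i <= NF; i++) if ($i == h) { print $1; exit }
    }' "$1"
}

# Succeed only if the mapped IP is among the current interface IPs ($3,
# space-separated); otherwise report the stale mapping and fail.
hosts_entry_current() {   # $1 = hosts file, $2 = hostname, $3 = current IPs
    mapped=$(hosts_ip_for "$1" "$2")
    [ -n "$mapped" ] || { echo "no entry for $2 in $1"; return 1; }
    for ip in $3; do
        [ "$ip" = "$mapped" ] && { echo "$2 -> $mapped (current)"; return 0; }
    done
    echo "$2 -> $mapped is stale; current IPs: $3"
    return 1
}

# Outbound HTTPS check against the Google hosts involved in the login flow.
google_reachable() {
    for url in https://accounts.google.com/ https://www.googleapis.com/; do
        code=$(curl -sS -o /dev/null -m 10 -w '%{http_code}' "$url") \
            || { echo "cannot reach $url"; return 1; }
        echo "$url -> HTTP $code"
    done
}

# Constructed sample hosts file (not from a real VM) for the offline self-check.
SAMPLE_HOSTS=$(mktemp)
cat > "$SAMPLE_HOSTS" <<'EOF'
127.0.0.1   localhost
10.0.2.15   abc.mycompany.com abc
EOF

# The live checks run only when invoked as: sh preflight.sh run
# (hostname -I is Linux-specific; elsewhere pass the VM's IPs by hand).
if [ "${1:-}" = "run" ]; then
    hosts_entry_current "$HOSTS_FILE" "$OAM_HOST" "$(hostname -I)" && google_reachable
fi
```

A stale mapping shows up as the "is stale" line; fix /etc/hosts and re-run before testing the Google login.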
🙌 Many Thanks 🙌