- Login to OAM Console and Go to System Configuration > Common Configuration and double click on Available Services. Enable Mobile and social.
- Go to Mobile And Social and double click Internet
Identity Services.On the right hand side select Google click Edit.Verify the details and close the tab.
- Now Select OAMApplication under Application Profiles and click on Edit.
- Ensure that a Shared Secret is entered.
- Go to System Configuration > Access Manager > Access Manager Settings.Set host to <OAM_HOST>.Set port to 14100.Set protocol to HTTP and apply the changes.
- Go to Mobile and Social and click "User Profile Service providers". Click create and create a new User Profile Service Provider.
- Provide the repository details like Bind DN, Root Context, User Base, Group Base and test the connection.
- Under the Attributes section add the attribute "proxyAuth" to false. Which is required for some of the Directory servers like OUD.
- Under the Entities tab provide the user and group Create and search base correctly.
- Click on save. Then click User Profile Service providers again. Under Service profiles click create User Profile Service.
- Provide name and service end point and select service provider as recently created Service Provider.
- Go to Policy Configuration > Authentication Schemes > OICScheme and double click it. Set challenge URL to use the above parameters. e.g. http://<OAM_HOST>:14100/oic_rp/login.jsp.
- Go to System Configuration > Mobile and Social > Internet Identity Services > OAMApplication.
- Set Return URL = http://<OAM_HOST>:14100/oam/server/dap/cred_submit.Set Registration URL = http://<OAM_HOST>:14100/oic_rp/register.jsp.
- Go to Registration Service Details with Application User Attribute Mapping.Uncheck read only checkbox for first and lastname.
- Go to Policy Configuration > Application Domains > click on Search.
- Open OAMApplication domain > Authentication Policies tab.Open Protected Resource Policy and set Authentication Scheme as OICScheme and Click on Apply.
- Restart the OAM managed server and Webserver.
- For Some directories we even need to provide the Admin user privilege of Proxy Authorization.
- Login to ODSM and select Configuration tab. Under root users select Directory Manager. then select privilege and enable the Proxied Authorization.
1. Prepopulate Adapter in OIM uses the plugin point oracle.iam.request.plugins.PrePopulationAdapte r. 2. Write the Java code which returns the value which has to be populated on the form. 3. This code will implement the plugin point oracle.iam.request.plugins.PrePopulationAdapte r. Code Snippet: - package com.oracle.oim.utility.eventhandler; import java.io.Serializable; import java.util.Iterator; import java.util.List; import java.util.logging.Logger; import oracle.iam.identity.exception.NoSuchUserException; import oracle.iam.identity.exception.UserLookupException; import oracle.iam.identity.usermgmt.api.UserManager; import oracle.iam.identity.usermgmt.vo.User; import oracle.iam.platform.Platform; import oracle.iam.platform.authz.exception.AccessDeniedException; import oracle.iam.request.exception.RequestServiceException; import oracle.iam.request.vo.Beneficiary; import oracle.iam.request.vo.RequestData; public c
This comment has been removed by the author.
ReplyDeleteHi, Thanks for your useful post.
ReplyDeleteI am getting the following error after following all your steps. Using OAM 11.1.2.2.
OpenID auth request contains an unregistered domain: http://demo02.com:14100/oic_rp
Looks like new OpenId providers cannot be registered per google, any workarounds you know of ?