Skip to main content

OAM 11g R2 - Mobile and Social - Protecting Application with Google

  1. Login to OAM Console and Go to System Configuration > Common Configuration and double click on Available Services. Enable Mobile and social.
  2.  Go to Mobile And Social and double click Internet Identity Services.On the right hand side select Google click Edit.Verify the details and close the tab.
  3. Now Select OAMApplication under Application Profiles and click on Edit.
  4. Ensure that a Shared Secret is entered. 
  5. Scroll down, and ensure that User Registration is enabled.
     
  6.  Scroll down to the bottom, and ensure that Google is checked. Click on Apply.
  7. Go to System Configuration > Access Manager > Access Manager Settings.
    Set host to <OAM_HOST>.Set port to 14100.Set protocol to HTTP and apply the changes.
  8. Go to Mobile and Social and click "User Profile Service providers". Click create and create a new User Profile Service Provider.
  9. Provide the repository details like Bind DN, Root Context, User Base, Group Base and test the connection.
  10. Under the Attributes section add the attribute "proxyAuth" to false. Which is required for some of the Directory servers like OUD.
  11. Under the Entities tab provide the user and group Create and search base correctly.
  12. Click on save. Then click User Profile Service providers again. Under Service profiles click create User Profile Service.
  13. Provide name and service end point and select service provider as recently created Service Provider.
  14. Go to Policy Configuration > Authentication Schemes > OICScheme and double click it. Set challenge URL to use the above parameters. e.g. http://<OAM_HOST>:14100/oic_rp/login.jsp.
  15. Go to System Configuration > Mobile and Social >  Internet Identity Services > OAMApplication.
  16. Set Return URL = http://<OAM_HOST>:14100/oam/server/dap/cred_submit
    Set Registration URL = http://<OAM_HOST>:14100/oic_rp/register.jsp.
  17. Go to Registration Service Details with Application User Attribute Mapping.
    Uncheck read only checkbox for first and lastname.
  18. Go to Policy Configuration > Application Domains > click on Search.
  19. Either create new Application Domain (OAMApplication) or change existing domain name as OAM Application.
  20. Open OAMApplication domain > Authentication Policies tab.
    Open Protected Resource Policy and set Authentication Scheme as OICScheme and Click on Apply.
  21. Restart the OAM managed server and Webserver.
  22. For Some directories we even need to provide the Admin user privilege of Proxy Authorization.
  23. Login to ODSM and select Configuration tab. Under root users select Directory Manager. then select privilege and enable the Proxied Authorization.

Labels:

Comments

  1. Sudipto Desmukh15 September 2014 at 16:21

    This comment has been removed by the author.

    ReplyDelete
  2. Sudipto Desmukh15 September 2014 at 16:22

    Hi, Thanks for your useful post.
    I am getting the following error after following all your steps. Using OAM 11.1.2.2.
    OpenID auth request contains an unregistered domain: http://demo02.com:14100/oic_rp

    Looks like new OpenId providers cannot be registered per google, any workarounds you know of ?

    ReplyDelete

Post a Comment

Popular posts from this blog

Adding UDF (User Defined Field) on create user page OIM 11g R2 PS1:-

    Login to Sysadmin console and create a Sandbox and activate it. Click on Form Designer and search for user form. 2.      Create a new field of desired type. 3.      Provide the Required Values for UDF creation and click save and close. UDF field will be added then publish the sand box. 4.      Login to Identity console now and create another sandbox and activate it. After sandbox is activated click on users link and the click on create user. 5.      Provide the mandatory values on the form and then click the customize button on top. Select source from the view. 6.      Select the panel where the field has to be added. Select panel form lay out click add content. Select Data component Catalog from the box. 7.      Select UserVO from the bottom. ...
12 comments
Read more

OIM Tuning

Application Module tuning is a critical setting which will affect the UI performance. Following are the recommended application module settings for OIM and these are already set out-of-box (OOB) in later releases of OIM 11g R2. Ensure that these settings are implemented as recommended in your environment. -Djbo.ampool.doampooling=true -Djbo.ampool.minavailablesize=1 -Djbo.ampool.maxavailablesize=120 -Djbo.recyclethreshold=60 - Djbo.ampool.timetolive=-1 -Djbo.load.components.lazily=true - Djbo.doconnectionpooling=true -Djbo.txn.disconnect_level=1 - Djbo.connectfailover=false -Djbo.max.cursors=5 - Doracle.jdbc.implicitStatementCacheSize=5 - Doracle.jdbc.maxCachedBufferSize=19 open DOMAIN_HOME/bin/setDomainEnv.sh file for the WebLogic Server instance.find these lines: JAVA_OPTIONS="${JAVA_OPTIONS}" export JAVA_OPTIONS and change it to: JAVA_OPTIONS="-Djbo.ampool.doampooling=true -Djbo.ampool.minavailablesize=1 -Djbo.ampool.maxavailablesize=120 -D...
Post a Comment
Read more

Oracle Traffic Director (OTD) configuration

Download the OTD software and install it on a server by running runInstaller command from <Binaries>/Disk1. Preferred is to configure the OTD as root user because when the administration server is configured as root, then Oracle Traffic Director starts the keepalived daemon automatically when you start instances that are part of a failover group, and stops the daemon when you stop the instances. Set Oracle_Home as the new Installed OTD Home. Run below command to configure the Admin server: <OTD_HOME>/otd/bin/tadm configure-server --port=8989 --user=admin --server-user=root --instance- home= <OTD_HOME> /otd/instance_name/otd_instance1 This command will ask for admin password and will create the admin server. Run Below command to start the admin server: <OTD_HOME> /otd/instance_name/otd_instance1/admin-server/bin/startserv Login to the OTD console on http://<host>:8989 as admin user.  Click New configuration: Click Next and create ne...
Post a Comment
Read more