OAM Integration with Google (Social Identity Provider) using OAuth

Go to oamconsole –> Configuration –> Available Services

Enable the Mobile and Social service.

Go to Federation –> Social Identity

Select the Google identity provider and click Edit.

Here we need to enter a consumer key and consumer secret. These are the OAuth client ID and client secret that Google issues for the OAM relying party.

To generate them, go to https://code.google.com/apis/console (the Google APIs console; this address now redirects to the Google Cloud Console).
Log in with your Google account.
Create or select a project.
Go to APIs & Services –> Credentials.
Click on Create credentials –> OAuth client ID, then copy the Client ID and Client Secret.
Add the authorized redirect URIs:
http://<oam-server>:<oam-port>/oic_rp/return
http://<oam-server>:<oam-port>/oic_rp/popup

Google matches the redirect URI as an exact string (scheme, host, port and path), so these must be the URLs the OAM Mobile and Social server really answers on; any difference produces a redirect_uri_mismatch error at login time. The authorization code is delivered to this URL through the user's browser, so outside a lab register and serve it over https (Google's OAuth client validation rules also require https for non-localhost redirect URIs).

When configuring Google's OAuth consent screen in the Google Developers Console, make sure the Product name matches the Application Profile name in Mobile and Social (M&S).

Go back to oamconsole –> Federation –> Social Identity –> Google.
Paste the Client ID in the Consumer Key field and the Client Secret in the Consumer Secret field.
Click Apply to save your changes.
Treat the consumer secret like a password: it is what lets OAM redeem authorization codes for tokens in your project's name, so it belongs only in this OAM configuration, not in scripts or tickets.
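To make the redirect URI and consumer key/secret requirements concrete, here is an added example that is not code from the original post, from Oracle or from Google. It models the OAuth 2.0 authorization-code flow that OAM's /oic_rp/return endpoint drives against Google, entirely offline: a stub standing in for Google's authorization server (enforcing the exact redirect_uri match and the secret on the back-channel code exchange) and a relying-party class standing in for OAM (generating and validating state). The Google authorization endpoint name is the real one; the OAM host https://oam.example.com:14101, the sample client ID and secret, and the stub's internal behaviour are assumptions for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Real Google endpoint; the OAM host, port and client credentials below are placeholders.
GOOGLE_AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
OAM_BASE = "https://oam.example.com:14101"                # assumed OAM Mobile and Social host:port
CLIENT_ID = "1234567890-abc.apps.googleusercontent.com"   # constructed sample consumer key
CLIENT_SECRET = "GOCSPX-constructed-sample-secret"        # constructed sample consumer secret
REGISTERED_REDIRECT_URIS = {
    f"{OAM_BASE}/oic_rp/return",
    f"{OAM_BASE}/oic_rp/popup",
}


class AuthorizationServerStub:
    """Stand-in for Google's authorization server. Only the checks relevant to the
    post are modelled: client_id, exact redirect_uri match, single-use code, secret."""

    def __init__(self, client_id, client_secret, registered_redirect_uris):
        self.client_id = client_id
        self.client_secret = client_secret
        self.registered = set(registered_redirect_uris)
        self.issued_codes = {}  # code -> redirect_uri it was issued for

    def authorize(self, params):
        """Simulate the user consenting; returns the URL the browser is sent back to."""
        if params.get("client_id") != self.client_id:
            raise PermissionError("invalid_client")
        if params.get("response_type") != "code":
            raise PermissionError("unsupported_response_type")
        # Google compares the whole string: scheme, host, port and path must all match.
        if params.get("redirect_uri") not in self.registered:
            raise PermissionError("redirect_uri_mismatch")
        code = secrets.token_urlsafe(16)
        self.issued_codes[code] = params["redirect_uri"]
        return params["redirect_uri"] + "?" + urlencode({"code": code, "state": params["state"]})

    def token(self, code, redirect_uri, client_id, client_secret):
        """Back-channel code exchange: this is the only place the consumer secret is used."""
        if client_id != self.client_id or not hmac.compare_digest(client_secret, self.client_secret):
            raise PermissionError("invalid_client")
        if self.issued_codes.pop(code, None) != redirect_uri:  # single use, bound to its redirect_uri
            raise PermissionError("invalid_grant")
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer"}


class RelyingParty:
    """The OAM Mobile and Social side (/oic_rp/return in the post)."""

    def __init__(self, client_id, client_secret, redirect_uri):
        self.client_id = client_id
        self.client_secret = client_secret
        self.redirect_uri = redirect_uri
        self.pending_states = {}  # state -> redirect_uri, one entry per login in flight

    def authorization_url(self):
        """Step 1: redirect the browser to Google. The secret is never part of this URL."""
        state = secrets.token_urlsafe(16)  # unguessable, tied to this browser session
        self.pending_states[state] = self.redirect_uri
        params = {
            "client_id": self.client_id,
            "redirect_uri": self.redirect_uri,
            "response_type": "code",
            "scope": "openid email profile",
            "state": state,
        }
        return GOOGLE_AUTH_ENDPOINT + "?" + urlencode(params)

    def handle_callback(self, callback_url, authz_server):
        """Step 2: the browser lands on /oic_rp/return; validate state, then redeem the code."""
        parsed = urlparse(callback_url)
        query = {k: v[0] for k, v in parse_qs(parsed.query).items()}
        redirect_uri = self.pending_states.pop(query.get("state", ""), None)
        if redirect_uri is None:
            raise PermissionError("unknown or reused state (possible CSRF or replay)")
        landed_on = f"{parsed.scheme}://{parsed.netloc}{parsed.path}"
        if landed_on != redirect_uri:
            raise PermissionError("callback arrived on an unexpected URL")
        return authz_server.token(query["code"], redirect_uri, self.client_id, self.client_secret)


def run_login(redirect_uri, registered=REGISTERED_REDIRECT_URIS):
    """Drive one complete login; raises PermissionError wherever Google or OAM would refuse."""
    google = AuthorizationServerStub(CLIENT_ID, CLIENT_SECRET, registered)
    oam = RelyingParty(CLIENT_ID, CLIENT_SECRET, redirect_uri)
    auth_url = oam.authorization_url()                                  # browser -> Google
    request = {k: v[0] for k, v in parse_qs(urlparse(auth_url).query).items()}
    callback_url = google.authorize(request)                            # Google -> browser -> OAM
    return oam.handle_callback(callback_url, google)                    # OAM -> Google (back channel)


if __name__ == "__main__":
    print(run_login(f"{OAM_BASE}/oic_rp/return"))
    for bad in ("http://oam.example.com:14101/oic_rp/return", f"{OAM_BASE}/oic_rp/return/"):
        try:
            run_login(bad)
        except PermissionError as err:
            print(bad, "->", err)
```

Running it shows a token for the registered https URI, and a redirect_uri_mismatch for the http variant and for a trailing-slash variant: the same failure you get at login when the OAM host, port or scheme in the Google console does not match what OAM actually sends.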

Now create/edit an Application Profile with the same name as your Application Policy Domain (OAMApplication, in my case).
Select OAMApplication under Application Profiles and click Edit.
Enter a shared secret key of your choice and enable user registration. Click Apply.
Enabling user registration means any Google account holder who completes the login is provisioned into the identity store (this is what the test at the end shows); leave it disabled if only pre-existing users should be allowed in.

Go to Authentication Schemes.
Edit OICScheme (the scheme that hands authentication off to Mobile and Social internet identity services).
Go to Application Domains and select the application domain.
Open its Authentication Policy and select the OICScheme authentication scheme.

Test:
Hit the protected URL http://identity.oracleads.com:7777 and click on Google.

The first attempt fails: the Mobile and Social (OMSM) managed server cannot complete the SSL connection to Google because Google's certificate chain is not trusted by the WebLogic trust store it uses. To resolve this issue:

Import the certificate into the WebLogic trust store:
keytool -import -v -trustcacerts -alias google-ca -file <certificate .der> -keystore <trustedstore.jks>

The alias is only a label of your choice. Import the CA certificate that issued Google's server certificate (or the root of that chain), not Google's leaf certificate, which rotates frequently; the chain can be read from the browser's certificate viewer or with openssl s_client. Import it into the trust store the managed server is actually configured with (DemoTrust.jks by default, or your custom trust store) and confirm afterwards with keytool -list.

Note: The demo trust store password is DemoTrustKeyStorePassPhrase and the JDK cacerts password is changeit. Both are published defaults, and the demo identity and trust stores are meant for development only; use a custom trust store in production.

  • In the WebLogic (10.3.6) admin console, set Hostname Verification to None and check Use JSSE SSL:
    Log in to the WebLogic console.
    Go to Home > Summary of Servers > oam_server1 > SSL (both settings are under Advanced).
    Click Lock & Edit and make the changes.
    Do the same for omsm_server1.
    Click Save, Activate Changes, and restart the WebLogic servers.
    Setting Hostname Verification to None means WebLogic no longer checks that the name in the presented certificate matches the host it connected to, so any certificate chaining to the trust store is accepted for any host. That is a lab shortcut; in production keep the default BEA Hostname Verifier and fix the trust chain instead.
  • Make sure the OMSM server is able to reach Google's servers (outbound HTTPS through any proxy or firewall in between).

Test again:
Hit the protected URL http://identity.oracleads.com:7777
Click on Google.
Enter your Google username and password.
On the registration form, fill in a password and click Register.
The protected resource is displayed, and the user is registered in the identity store.

Demo: https://www.youtube.com/watch?v=Gl7pMGkNNVw
