Skip to content

Login via VK OAuth2 Identity Provider

maximthomas edited this page Sep 5, 2018 · 2 revisions

Create Applicaton

Goto https://vk.com/apps?act=manage and create new VKontakte Application Goto Application Setting. There will be your app App Id and App Secret.

Setup OpenAM

Legacy UI

Login into console. Goto Access Control then select target realm. Goto Authentication

Create Authentication Module

Under section Module Instances create new Authentication Module. Enter new module instance name, for example vkontakte. Authentication module type is OAuth 2.0 / OpenID Connect

Then select module, you've just created from module list and enter following settings:

Setting Value
Client Id Your VKontakte Application App Id
Client Secret Your VKontakte Application App Secret
Authentication Endpoint URL https://oauth.vk.com/authorize
Access Token Endpoint URL https://oauth.vk.com/access_token
User Profile Service URL https://api.vk.com/method/users.get
Scope Here you should enter scope, according to VKontakte documentation for example email
OAuth2 Access Token Profile Service Parameter name access_token
Proxy URL [Your OpenAM URL]/oauth2c/OAuthProxy.jsp for example: https://openam.example.com/openam/oauth2c/OAuthProxy.jsp
Account Provider org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider
Account Mapper org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper
Account Mapper Configuration Attribute configuration that will be used to map the account of the user authenticated in the OAuth 2.0 Provider to the local data store in the OpenAM. Example:
id=uid
Attribute Mapper org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper
Attribute Mapper Configuration Attribute configuration that will be used to map the user info obtained from the OAuth 2.0 Provider to the local user data store in the OpenAM. Example:
last_name=givenName
id=uid

You can setup remaining attributes on your own, depending your authentication process requirement and press Save and then Back to Authentication

Create Authentication Chain

Under section Authentication Chaining create new Authentication Chain, enter its name, for example, vkontakte and add recently created module vkontakte

Your authentication chain should look like this:

Instance Criteria Options
vkontakte Required  

Test your Authentication Chain

Goto [Your OpenAM URL]/UI/Login?org=[your org]&service=[facebook auth chain], for example, http://example.openam.com/openam/UI/Login?org=/&service=vkontakte and you should see facebook authentication dialog

You can’t perform that action at this time.