Skip to content

Login via VK OAuth2 Identity Provider

maximthomas edited this page Sep 5, 2018 · 2 revisions
Clone this wiki locally

Create Applicaton

Goto and create new VKontakte Application Goto Application Setting. There will be your app App Id and App Secret.

Setup OpenAM

Legacy UI

Login into console. Goto Access Control then select target realm. Goto Authentication

Create Authentication Module

Under section Module Instances create new Authentication Module. Enter new module instance name, for example vkontakte. Authentication module type is OAuth 2.0 / OpenID Connect

Then select module, you've just created from module list and enter following settings:

Setting Value
Client Id Your VKontakte Application App Id
Client Secret Your VKontakte Application App Secret
Authentication Endpoint URL
Access Token Endpoint URL
User Profile Service URL
Scope Here you should enter scope, according to VKontakte documentation for example email
OAuth2 Access Token Profile Service Parameter name access_token
Proxy URL [Your OpenAM URL]/oauth2c/OAuthProxy.jsp for example:
Account Provider org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider
Account Mapper org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper
Account Mapper Configuration Attribute configuration that will be used to map the account of the user authenticated in the OAuth 2.0 Provider to the local data store in the OpenAM. Example:
Attribute Mapper org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper
Attribute Mapper Configuration Attribute configuration that will be used to map the user info obtained from the OAuth 2.0 Provider to the local user data store in the OpenAM. Example:

You can setup remaining attributes on your own, depending your authentication process requirement and press Save and then Back to Authentication

Create Authentication Chain

Under section Authentication Chaining create new Authentication Chain, enter its name, for example, vkontakte and add recently created module vkontakte

Your authentication chain should look like this:

Instance Criteria Options
vkontakte Required  

Test your Authentication Chain

Goto [Your OpenAM URL]/UI/Login?org=[your org]&service=[facebook auth chain], for example, and you should see facebook authentication dialog