In a previous post, we have seen that OpenAM implements the OpenID Connect protocol and that it is possible to configure it as an OIDC provider (with some limitation though). In the current post, we will learn how to login with email on OpenID Connect provider based on OpenAM
First of all, you have to configure an OAuth / OpenID Connect provider in OpenAM by following the instructions in the official documentation and by testing it using an OpenID Connect client. Once you have done that, your users will be able to connect on OpenAM (the oidc provider) with their usernames (and password of course).
Let’s say you want them to connect with their emails instead of their usernames. To do so, you will have to go to the datastore configuration (Access Control / your_realm / Data Stores / your_datastore) and in the list box of Create user attribute mapping, add the following line : uid=mail
Henceforth, your users will use their emails to login and in the openid connect client, you would see the email of the current user stored in the ID Token « sub » attribute.
JANUA provides better security, build relationships, and enable new cloud, mobile, and IoT offerings from any device or connected thing.
Les derniers articles par Daly (tout voir)
- OpenAM : Saving OAuth2 consent - 14 avril 2016
- OpenAM : Login with email on OpenID Connect provider - 14 octobre 2015
- OpenID Connect with OpenAM - 3 septembre 2015