In a previous post, we saw that OpenAM implements the OpenID Connect protocol and that it can be configured as an OIDC provider (with some limitations, though). In this post, we will learn how to log in with an email address on an OpenID Connect provider based on OpenAM.

First of all, you have to configure an OAuth / OpenID Connect provider in OpenAM by following the instructions in the official documentation, and test it using an OpenID Connect client. Once you have done that, your users will be able to log in to OpenAM (the OIDC provider) with their usernames (and passwords, of course).

Let’s say you want them to log in with their emails instead of their usernames. To do so, go to the datastore configuration (Access Control / your_realm / Data Stores / your_datastore) and, in the list box of Create user attribute mapping, add the following line: uid=mail

From then on, your users will use their emails to log in, and in the OpenID Connect client you will see the email of the current user stored in the ID Token "sub" attribute.
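To confirm that the mapping took effect, you can decode the ID Token your client received and look at its "sub" claim. The script below is an added example, not part of the original post or of OpenAM; the issuer URL, client name and sample tokens are constructed, and the function names are hypothetical.

```python
import base64
import json
import re

# Loose shape check, enough to tell an email from a plain username.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def b64url_decode(segment: str) -> bytes:
    # JWT segments drop the base64 "=" padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def id_token_claims(id_token: str) -> dict:
    """Return the claims of a compact-serialized ID Token.

    Inspection only: the signature is not verified here, so the OIDC
    client must still validate the token before trusting any claim.
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))


def sub_is_email(id_token: str) -> bool:
    # True when the "sub" claim is a string that looks like an email.
    sub = id_token_claims(id_token).get("sub")
    return isinstance(sub, str) and bool(EMAIL_RE.match(sub))


def make_sample_token(claims: dict) -> str:
    # Constructed, unsigned sample token so the example runs offline.
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"


if __name__ == "__main__":
    issuer = "https://openam.example.com/openam/oauth2"  # assumed URL
    for sub in ("alice", "alice@example.com"):  # before / after uid=mail
        token = make_sample_token(
            {"iss": issuer, "aud": "demo-client", "sub": sub})
        print(sub, "->", "email" if sub_is_email(token) else "username")
```

Paste a real ID Token in place of the constructed one to check your own realm.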

janua