In a previous post, we have seen that OpenAM implements the OpenID Connect protocol and that it is possible to configure it as an OIDC provider (with some limitation though).  In the current post, we will learn how to  login with email on OpenID Connect provider based on OpenAM

First of all, you have to configure an OAuth / OpenID Connect provider in OpenAM by following the instructions in the official documentation and by testing it using an OpenID Connect client. Once you have done that, your users will be able to connect on OpenAM (the oidc provider) with their usernames (and password of course).

Let’s say you want them to connect with their emails instead of their usernames.  To do so, you will have to go to the datastore configuration (Access Control / your_realm / Data Stores / your_datastore) and in the list box of Create user attribute mapping, add the following line : uid=mail

Henceforth, your users will use their emails to login and in the openid connect client, you would see the email of the current user stored in the ID Token « sub » attribute.


Specialised in IAM (security, access control, identity management) and Open Source integration, settled in 2004 by IAM industry veteran, JANUA offers high value-added products and services to businesses and governements with a concern for Identity Management and Open Source components.
JANUA provides better security, build relationships, and enable new cloud, mobile, and IoT offerings from any device or connected thing.

Les derniers articles par Daly (tout voir)