In this slideshow, you will learn :
- Oauth2 concepts
- OpenID connect Concepts
- Oauth2 & OpenID connect integration within OpenAM
There are actually multiple hooks in OpenAM and one way to accomplish that is to develop a custom SAML attribute mapper class on the OpenAM IdP side.
I was also asked how to avoid the OpenAM OAuth2 provider from displaying the user consent page, after authentication, in the code or implicit grant flow. One way to do that, on a per user basis, is to provision the user profile with the attribute chosen to store user consents.
This multi-valued attribute has to be set in the OpenAM (OAuth2 provider and datastore) configuration of course, and each value must be a string representing the client ID and a space separated list of scopes to allow.
For example: myClientID openid profile