Google as Identity Provider and OpenAM as Service Provider

This topic contains 1 reply, has 2 voices, and was last updated by Scott Heger 6 months, 2 weeks ago.

  • #15274
    apacheidm
    Participant

    Hi Team,

    We are trying a use case where Google will be our Identity Provider and OpenAM the Service Provider, and OpenAM will then act as Identity Provider for another app, to which it has to send a SAML assertion for it to consume.

    Please let me know if this is possible.

    Thanks

    #15310
    Scott Heger
    Participant

    If you are using OpenAM 13, or better yet 13.5, then you could create a standalone SAML config between OpenAM and your SP. Then set the IDP in OpenAM to require it to use an authentication chain that invokes the new SAML 2.0 authentication module (integrated mode). That module will act as an SP to Google as the IDP where the user authenticates. For information on integrated mode see: https://backstage.forgerock.com/docs/openam/13.5/admin-guide#saml2-integrated-mode

    If you are using OpenAM 12 or below then you would set up OpenAM as an IDP Proxy. It would look like:

    SP -> OpenAM IDP -> OpenAM SP -> Google IDP

    OpenAM is configured with an entity that acts as both an IDP and an SP.

    @peter-major did a presentation of this at a ForgeRock IRM Summit in 2014. The video of that can be seen here: https://www.youtube.com/watch?v=Jz5LXaIz2IQ
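
An added example, not part of the thread and not OpenAM or ForgeRock code: in the proxy layout above, one entity carries both the IDP and SP roles, so its SAML 2.0 metadata is the place to check that each hop requires signatures and uses HTTPS. The function names, entityID and endpoint URLs are constructed placeholders; the element and attribute names come from the SAML 2.0 metadata schema.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
PROTO = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample: entityID and endpoint URLs are placeholders.
SAMPLE_PROXY_METADATA = f"""
<EntityDescriptor xmlns="{MD}" entityID="https://openam.example.com/openam">
  <IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="{PROTO}">
    <SingleSignOnService Location="https://openam.example.com/sso"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </IDPSSODescriptor>
  <SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="{PROTO}">
    <AssertionConsumerService index="0"
        Location="https://openam.example.com/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </SPSSODescriptor>
</EntityDescriptor>
"""

def _flag(elem, name):
    # xs:boolean accepts "true" or "1"; an omitted attribute means false.
    return elem.get(name, "false").strip().lower() in ("true", "1")

def audit_proxy_entity(metadata_xml):
    """Return roles and signing/transport findings for one EntityDescriptor."""
    root = ET.fromstring(metadata_xml)
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    sp = root.find(f"{{{MD}}}SPSSODescriptor")
    roles = [n for n, e in (("IDP", idp), ("SP", sp)) if e is not None]
    findings = []
    if roles != ["IDP", "SP"]:
        findings.append("entity does not carry both IDP and SP roles")
    if idp is not None and not _flag(idp, "WantAuthnRequestsSigned"):
        findings.append("IDP role does not require signed AuthnRequests")
    if sp is not None and not _flag(sp, "WantAssertionsSigned"):
        findings.append("SP role does not require signed assertions")
    if sp is not None and not _flag(sp, "AuthnRequestsSigned"):
        findings.append("SP role does not sign its AuthnRequests")
    for elem in root.iter():
        loc = elem.get("Location")
        if loc and not loc.lower().startswith("https://"):
            findings.append(f"endpoint not served over HTTPS: {loc}")
    return {"entityID": root.get("entityID"), "roles": roles, "findings": findings}

if __name__ == "__main__":
    report = audit_proxy_entity(SAMPLE_PROXY_METADATA)
    print(report["entityID"], report["roles"], report["findings"])
```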


©2017 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
