How to implement user “auto-approval” with Forgerock OpenAM and OAuth2

Tagged: ,

This topic contains 21 replies, has 8 voices, and was last updated by  sasidhar_bssrbg 3 days, 10 hours ago.

  • Author
    Posts
  • #8680
     wshen 
    Participant

    I had a similar question posted several weeks ago, and hadn’t got an elegant solution either. (https://forgerock.org/topic/auto-consent-with-oidc-client/), and voted on the JIRA ticket.

    I agree with Tom that adding additional “auto-consent” field on client registration (OAuth2 client agent) to be set on per client basis will be ideal.

    I’m not sure modifying openam source code is a good idea, since it will affect all realms/users managed by openam.

    My 2c,
    -Wei

    #8681
     Tom Kofford 
    Participant

    I just added a comment with our implementation details to the Jira issue referenced earlier in the thread. Would love feedback. Not sure if the Jira ticket or this forum is the best place for feedback. I guess I’ll see either one.

    #12448
     Andy Cory 
    Participant

    Tom, we implemented exactly the solution you proposed in a project recently, build on OpenAM 12. The reason we didn’t adopt Bill’s solution of pre-populating the relevant attributes in the directory in this case was similar to yours – the directory is (largely) already provisioned with many entries, and while we could add the attributes to provisioning of new users, there were issues with updating the many existing users.

    When I say we implemented exactly the solution you proposed, I do mean exactly – I lifted your code from the FR Jira ticket, and it’s working perfectly. Since I lifted your code, I thought it only appropriate to thank you on this thread!

    Andy

    #12849
     Miguel F 
    Participant

    I guys! You might know this already but just in case. This feature (“Skip user consent” for OAuth2) is supported officially in OpenAM 13.5+. :-)

    Regards!

    #12868
     Tom Kofford 
    Participant

    That was a fast turn-around! We just updated our production OpenAM to 13.5 a couple of days ago. So far, so good.

    #14370
     Andy Cory 
    Participant

    FYI, we’ve implemented the new auto Skip user consent feature in 13.5 in a project currently in test, go live Jan next year. Works flawlessly.

    #25634
     sasidhar_bssrbg 
    Participant

    Hi All,

    I am working openam oauth flow, but i am not getting user consent page after user authentication
    i have configured remote consent and created the agent profile for remote consent and enable remote consent in oauth provider, how to get consent page?
    i am using AM6.5

    Thanks,
    Sasidhar

Viewing 7 posts - 16 through 22 (of 22 total)

You must be logged in to reply to this topic.

©2019 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?