OpenAM oAuth 2.0 authentication for web project

This topic contains 20 replies, has 5 voices, and was last updated by  Kavithak 1 month ago.

  • #13692
     manasvi 
    Participant

    Thanks for replying.

    These are the settings I have made:

    Authentication End Point: http://djangoserver.com/login (Get request to open login window)
    Access Token Endpoint URL: http://djangoserver.com/login (POST request which returns code= access_token from django server)
    User Profile Service URL: http://djangoserver.com/get-profile (which will fetch user details based on code)
    Scope: email
    OAuth2 Access Token Profile Service Parameter name: access_token

    Proxy URL: http://openam.example.com:8080/openam/oauth2c/OAuthProxy.jsp

    Account Provider: org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider
    Account Mapper Configuration: email=mail
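
An offline check of the two responses these settings depend on, as an added example that is not part of the original thread. It assumes the token endpoint answers with JSON (RFC 6749 style) or a form-encoded body and that the profile service returns JSON; the function names and sample bodies are constructed for illustration.

```python
import json
from urllib.parse import parse_qs

# Values taken from the settings listed in the post above.
TOKEN_PARAM = "access_token"
ACCOUNT_MAPPER = ("email=mail",)  # provider attribute = local attribute

def extract_access_token(body, content_type="application/json"):
    """Return the token found in a token-endpoint response body, or None."""
    if "json" in content_type:
        try:
            data = json.loads(body)
        except ValueError:
            return None
        token = data.get(TOKEN_PARAM) if isinstance(data, dict) else None
        return token if isinstance(token, str) and token else None
    # Fallback for form-encoded bodies: access_token=...&expires=...
    values = parse_qs(body).get(TOKEN_PARAM, [])
    return values[0] if values else None

def map_account(profile_body, mapper=ACCOUNT_MAPPER):
    """Apply 'remote=local' pairs to a profile response; raise if nothing maps."""
    try:
        profile = json.loads(profile_body)
    except ValueError as exc:
        raise ValueError("profile response is not JSON") from exc
    if not isinstance(profile, dict):
        raise ValueError("profile response is not a JSON object")
    mapped = {}
    for pair in mapper:
        remote, local = (part.strip() for part in pair.split("=", 1))
        value = profile.get(remote)
        if isinstance(value, str) and value:
            mapped[local] = value
    if not mapped:
        raise ValueError("no mapped attribute in profile; user cannot be located")
    return mapped

# Constructed sample responses (not captured from any real server).
GOOD_TOKEN = '{"access_token": "constructed-token", "token_type": "Bearer"}'
LOGIN_PAGE = '<html><form action="/login"></form></html>'
PROFILE_OK = '{"email": "user@example.com"}'
PROFILE_NO_EMAIL = '{"username": "user"}'

if __name__ == "__main__":
    print("token from JSON body:", extract_access_token(GOOD_TOKEN))
    print("token from HTML body:", extract_access_token(LOGIN_PAGE, "text/html"))
    print("mapped attributes:   ", map_account(PROFILE_OK))
```
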

    #13697

    Are you sure that the user exists in the OpenAM identity repository?

    To quickly check if the authentication process goes to the end, you can set Authentication settings > User profile to “Dynamic” (OpenAM will automatically create a user profile if it does not find it inside the IdRepo).

    Or maybe the issue is that OpenAM cannot map the user using the mail attribute. If not already present, you can add “mail” in Authentication settings > User profile > Alias Search attribute name.

    #13699
     manasvi 
    Participant

    @vincent-mirzaiansolucom-fr the user does not exist in the OpenAM repository. But I have enabled “Create account if it does not exist” in module settings.

    Also, I tried the two processes you told me and it’s still not working.

    #13722
     manasvi 
    Participant

    After successful login from my app, openam redirects to /OAuth2Proxy.jsp which redirects to http://openam.example.com:8080/openam/json/authenticate?realm=/ with following parameters:
    {
        "authId": "eyAidHlwIjogIkpXVCIsICJhbGciOiAiSFMyNTYiIH0.eyAiYXV0aEluZGV4VmFsdWUiO",
        "authIndexType": "module",
        "authIndexValue": "django-auth",
        "code": "VOZhiY6jmtJu998VjKvrDJiA4qPwHD",
        "realm": "/",
        "state": "t3q4sut98k45k387b2eu8y0dcwvboo7",
        "sessionUpgradeSSOTokenId": "AQIC5wM2LY4SfczjQdDzQUo21Ima..*"
    }
    And in the response I get {"code":500,"reason":"Internal Server Error","message":"Authentication Error!!"}

    Also, iPlanetDirectoryPro is not set in cookies but JSessionId and NTID are set in the cookie.

    #13771

    Based on the source of OAuthProxy.java, you also should have a cookie named ORIG_URL. What are the parameters passed to /OAuth2Proxy.jsp?

    If not already done, set your debug level to Message and look into the “Authentication” debug file.

    Vincent

    #25779
     Kavithak 
    Participant

    Hi Manasvi,

    I am getting the same error. Could you please let me know how you fixed the issue?

    OpenAM version is: 13.5.2

    Thanks,
