I have just joined and am just trying out OpenAM and OpenDJ.
I have created two identities (i.e. EntityA and EntityB) under OpenAM and stored them in an external OpenDJ instance.
I also created two OAuth2 clientID/secret pairs (i.e. Client1 and Client2) under the same OpenAM and OpenDJ.
Now I have no idea how to relate Client1 to EntityA, and Client2 to EntityB.
I am required to build a machine-to-machine (client to server) connection purely by using credentials.
It requires that the server can, based on the clientID/secret used in the connection, retrieve the mapped entity.
During the pure credential OAuth2 flow, if I use Client1's credentials, the server will know I am EntityA.
During the login/password + credential OAuth2 flow, if I still use Client1's credentials but with EntityB's login/password, then I need OpenAM to be able to throw an error and deny the connection.
What is the orthodox way to configure OpenAM for the above use case? Someone just suggested that I add the clientID as an attribute under the identity inside OpenDJ, and create a "proxy program" in front of OpenAM to do the checking (e.g. when a client uses Client1 to connect, then before returning success for the connection, use a master account to query all "identities" inside OpenDJ and see which one is configured with an attribute matching the "clientID")... However, I feel this is somewhat like reinventing the wheel, and I hope that people here can direct me to the official or orthodox way to implement my use case (which is pretty general and classic, I think).
Please help, and I will share my sincere thanks with those who allow me to learn from them!
Thanks in advance!
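To make the two flows in the question concrete, here is an added Python example (not OpenAM's or OpenDJ's own code, and not an answer from the thread) of the decision a token endpoint has to make when each client is bound to exactly one identity. The directory entries, client secrets and the `oauth2ClientId` attribute name are all constructed assumptions: OpenDJ ships no such attribute, and a real deployment would keep passwords under the directory's own storage scheme rather than a plain SHA-256 digest. The example shows the client-credentials grant resolving to the bound identity, and the password grant being refused when the resource owner is not the identity bound to the client.

```python
import hashlib
import hmac


def _digest(value: str) -> str:
    # Stand-in for a password storage scheme; constructed for this example only.
    return hashlib.sha256(value.encode()).hexdigest()


# Constructed sample data standing in for OpenDJ entries. "oauth2ClientId" is a
# hypothetical attribute that binds an identity to one OAuth2 client.
IDENTITIES = {
    "EntityA": {"password": _digest("pw-a"), "oauth2ClientId": "Client1"},
    "EntityB": {"password": _digest("pw-b"), "oauth2ClientId": "Client2"},
}
CLIENTS = {
    "Client1": _digest("secret-one"),
    "Client2": _digest("secret-two"),
}
_DUMMY = _digest("unused")  # keeps the client check constant-time for unknown ids

# Reverse index built once, so the token endpoint does not scan the whole
# directory per request, and a client bound to two identities fails at load time.
_ENTITY_FOR_CLIENT = {}
for _name, _entry in IDENTITIES.items():
    _cid = _entry.get("oauth2ClientId")
    if _cid is None:
        continue
    if _cid in _ENTITY_FOR_CLIENT:
        raise ValueError(f"client {_cid} is bound to more than one identity")
    _ENTITY_FOR_CLIENT[_cid] = _name


def _secret_matches(stored_digest: str, presented: str) -> bool:
    return hmac.compare_digest(stored_digest, _digest(presented))


def entity_for_client(client_id):
    """Identity bound to a client id, or None if no identity carries it."""
    return _ENTITY_FOR_CLIENT.get(client_id)


def issue_token(grant_type, client_id, client_secret, username=None, password=None):
    """Decide a token request: {"subject": ...} on success, {"error": ...} on refusal."""
    stored = CLIENTS.get(client_id)
    # Compare even for unknown client ids so timing does not reveal which ids exist.
    if not _secret_matches(stored or _DUMMY, client_secret or "") or stored is None:
        return {"error": "invalid_client"}

    bound = entity_for_client(client_id)
    if bound is None:
        # Authenticated client, but no identity is bound to it: refuse rather than guess.
        return {"error": "unauthorized_client"}

    if grant_type == "client_credentials":
        # Pure credential flow: the subject is whatever identity the client is bound to.
        return {"subject": bound, "grant_type": grant_type}

    if grant_type == "password":
        user = IDENTITIES.get(username)
        if user is None or not _secret_matches(user["password"], password or ""):
            return {"error": "invalid_grant"}
        if username != bound:
            # Valid user and valid client, but this client is bound to a different
            # identity; same error code as a bad password so the mismatch is not
            # distinguishable to the caller.
            return {"error": "invalid_grant",
                    "error_description": "client is not bound to this resource owner"}
        return {"subject": username, "grant_type": grant_type}

    return {"error": "unsupported_grant_type"}


if __name__ == "__main__":
    print(issue_token("client_credentials", "Client1", "secret-one"))
    print(issue_token("password", "Client1", "secret-one", "EntityB", "pw-b"))
```

The reverse index is the part that the "query every identity on each connection" proxy in the question would otherwise redo per request; building it once, and rejecting a client bound to two identities up front, keeps the per-request check to a dictionary lookup.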