User map between local users and Linked in Social authenticated users in Openam 12

classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

User map between local users and Linked in Social authenticated users in Openam 12

Saikumar Thalupuru
Hi All,

Is there a way to map the social authenticated (Linked in) user based on email or any other attribute to local user, before we create a profile dynamically in Data store ?

--
Thanks
 
Saikumar T

_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Reply | Threaded
Open this post in threaded view
|

Re: User map between local users and Linked in Social authenticated users in Openam 12

Bernhard Thalmayr
Honestly I do not understand your question.

Either you map to an existing identity or you create a new one (which is
then used upon consecutive requets)

-Gernhard

Am 24/01/16 um 16:07 schrieb Saikumar Thalupuru:

> Hi All,
>
> Is there a way to map the social authenticated (Linked in) user based on
> email or any other attribute to local user, before we create a profile
> dynamically in Data store ?
>
> --
> Thanks
>  
> Saikumar T
>
>
> _______________________________________________
> Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
> OpenAM mailing list
> [hidden email]
> https://lists.forgerock.org/mailman/listinfo/openam
>


--
Painstaking Minds
IT-Consulting Bernhard Thalmayr
Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
Tel: +49 (0)8062 7769174
Mobile: +49 (0)176 55060699

[hidden email] - Solution Architect
http://www.xing.com/profile/Bernhard_Thalmayr
http://de.linkedin.com/in/bernhardthalmayr

This e-mail may contain confidential and/or privileged information.If
you are not the intended recipient (or have received this email in
error) please notify the sender immediately and delete this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.
_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Reply | Threaded
Open this post in threaded view
|

Re: User map between local users and Linked in Social authenticated users in Openam 12

Saikumar Thalupuru
In reply to this post by Saikumar Thalupuru
Hi Brenhrard,

I configured Linkedin as social authentication to my realm.. when I try to login as linkedin user.. OpenAM is trying to a create a new user... which is fine...

In this scenario, is there a way to map the linkedin user profile to existing OpenAM user profile based on the email ID.

Thank

Sai

On Sun, Jan 24, 2016 at 8:37 PM, Saikumar Thalupuru <[hidden email]> wrote:
Hi All,

Is there a way to map the social authenticated (Linked in) user based on email or any other attribute to local user, before we create a profile dynamically in Data store ?

--
Thanks
 
Saikumar T



--
Thanks
 
Saikumar T

_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Reply | Threaded
Open this post in threaded view
|

Re: User map between local users and Linked in Social authenticated users in Openam 12

Bernhard Thalmayr
Have you checked your Account Mapper Configuration and the debug logs?

-Bernhard

Am 26/01/16 um 15:37 schrieb Saikumar Thalupuru:

> Hi Brenhrard,
>
> I configured Linkedin as social authentication to my realm.. when I try
> to login as linkedin user.. OpenAM is trying to a create a new user...
> which is fine...
>
> In this scenario, is there a way to map the linkedin user profile to
> existing OpenAM user profile based on the email ID.
>
> Thank
>
> Sai
>
> On Sun, Jan 24, 2016 at 8:37 PM, Saikumar Thalupuru
> <[hidden email] <mailto:[hidden email]>> wrote:
>
>     Hi All,
>
>     Is there a way to map the social authenticated (Linked in) user
>     based on email or any other attribute to local user, before we
>     create a profile dynamically in Data store ?
>
>     --
>     Thanks
>      
>     Saikumar T
>
>
>
>
> --
> Thanks
>  
> Saikumar T
>
>
> _______________________________________________
> Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
> OpenAM mailing list
> [hidden email]
> https://lists.forgerock.org/mailman/listinfo/openam
>


--
Painstaking Minds
IT-Consulting Bernhard Thalmayr
Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
Tel: +49 (0)8062 7769174
Mobile: +49 (0)176 55060699

[hidden email] - Solution Architect
http://www.xing.com/profile/Bernhard_Thalmayr
http://de.linkedin.com/in/bernhardthalmayr

This e-mail may contain confidential and/or privileged information.If
you are not the intended recipient (or have received this email in
error) please notify the sender immediately and delete this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.
_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Reply | Threaded
Open this post in threaded view
|

Re: User map between local users and Linked in Social authenticated users in Openam 12

Saikumar Thalupuru
In reply to this post by Saikumar Thalupuru
Bernhard,


Yes,  I do see error while try to get the attribute emailattribute error..

Authentication log in Debug directory:

amAuth:01/26/2016 07:47:15:474 PM IST: Thread[http-bio-80-exec-4,5,main]
ERROR: defaultAttributeMapper.getAttributes: Could not get the attribute emailaddress
org.json.JSONException: JSONObject["emailaddress"] not found.


Below is the mapping which I have currently

OpenAM Attribute map:

org-forgerock-auth-oauth-attribute-mapper-configuration=id=uid
org-forgerock-auth-oauth-attribute-mapper-configuration=firstName=givenName
org-forgerock-auth-oauth-attribute-mapper-configuration=lastName=sn
org-forgerock-auth-oauth-attribute-mapper-configuration=emailaddress=mail

Linkedin Oauth Scope

Default Application Permissions

r_basicprofile

r_emailaddress

Thanks

Sai

On Tue, Jan 26, 2016 at 8:07 PM, Saikumar Thalupuru <[hidden email]> wrote:
Hi Brenhrard,

I configured Linkedin as social authentication to my realm.. when I try to login as linkedin user.. OpenAM is trying to a create a new user... which is fine...

In this scenario, is there a way to map the linkedin user profile to existing OpenAM user profile based on the email ID.

Thank

Sai

On Sun, Jan 24, 2016 at 8:37 PM, Saikumar Thalupuru <[hidden email]> wrote:
Hi All,

Is there a way to map the social authenticated (Linked in) user based on email or any other attribute to local user, before we create a profile dynamically in Data store ?

--
Thanks
 
Saikumar T



--
Thanks
 
Saikumar T



--
Thanks
 
Saikumar T

_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Reply | Threaded
Open this post in threaded view
|

Re: User map between local users and Linked in Social authenticated users in Openam 12

Bernhard Thalmayr
It seems the configured attribute is not in the response.

You may set debug level to 'message' this should show the response ...

-Bernhard

Am 26/01/16 um 16:53 schrieb Saikumar Thalupuru:

> Bernhard,
>
>
> Yes,  I do see error while try to get the attribute emailattribute error..
>
> Authentication log in Debug directory:
>
> amAuth:01/26/2016 07:47:15:474 PM IST: Thread[http-bio-80-exec-4,5,main]
> ERROR: defaultAttributeMapper.getAttributes: Could not get the attribute
> emailaddress
> org.json.JSONException: JSONObject["emailaddress"] not found.
>
>
> Below is the mapping which I have currently
>
> *OpenAM Attribute map:*
>
> org-forgerock-auth-oauth-attribute-mapper-configuration=id=uid
> org-forgerock-auth-oauth-attribute-mapper-configuration=firstName=givenName
> org-forgerock-auth-oauth-attribute-mapper-configuration=lastName=sn
> org-forgerock-auth-oauth-attribute-mapper-configuration=emailaddress=mail
>
> *_Linkedin Oauth Scope_*
>
> Default Application Permissions
>
> r_basicprofile
>
> r_emailaddress
>
> Thanks
>
> Sai
>
> On Tue, Jan 26, 2016 at 8:07 PM, Saikumar Thalupuru
> <[hidden email] <mailto:[hidden email]>> wrote:
>
>     Hi Brenhrard,
>
>     I configured Linkedin as social authentication to my realm.. when I
>     try to login as linkedin user.. OpenAM is trying to a create a new
>     user... which is fine...
>
>     In this scenario, is there a way to map the linkedin user profile to
>     existing OpenAM user profile based on the email ID.
>
>     Thank
>
>     Sai
>
>     On Sun, Jan 24, 2016 at 8:37 PM, Saikumar Thalupuru
>     <[hidden email] <mailto:[hidden email]>> wrote:
>
>         Hi All,
>
>         Is there a way to map the social authenticated (Linked in) user
>         based on email or any other attribute to local user, before we
>         create a profile dynamically in Data store ?
>
>         --
>         Thanks
>          
>         Saikumar T
>
>
>
>
>     --
>     Thanks
>      
>     Saikumar T
>
>
>
>
> --
> Thanks
>  
> Saikumar T
>
>
> _______________________________________________
> Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
> OpenAM mailing list
> [hidden email]
> https://lists.forgerock.org/mailman/listinfo/openam
>


--
Painstaking Minds
IT-Consulting Bernhard Thalmayr
Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
Tel: +49 (0)8062 7769174
Mobile: +49 (0)176 55060699

[hidden email] - Solution Architect
http://www.xing.com/profile/Bernhard_Thalmayr
http://de.linkedin.com/in/bernhardthalmayr

This e-mail may contain confidential and/or privileged information.If
you are not the intended recipient (or have received this email in
error) please notify the sender immediately and delete this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.
_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Reply | Threaded
Open this post in threaded view
|

Re: User map between local users and Linked in Social authenticated users in Openam 12

Saikumar Thalupuru
In reply to this post by Saikumar Thalupuru
Hi Bernhard,

Could you review attached message log.. 


I do see mail id is not coming as part Linkedin OAuth Scope from Linkedin. Do I have to do any specific changes in OpenAM config which  I missed unintentionally.


access_token: AQUxNuJceHkd2Kx3CAcPlIexVPUDdAxZHCnxe2UeaLIrlq3oEPr6ULOUeuAqaPhS9VmUSRz9a7k7Mjr5Z2F6zf0WvdRgpkGAV4wUvty4QftRets2l2HkCf3FQ-H0rLDWrh1fBtVR8kE7fdYi4CDq9SB8jXpj-8XpfjteUJN3W3PBuHbKczw
amAuth:01/26/2016 09:54:46:723 PM IST: Thread[http-bio-80-exec-9,5,main]
amAuth:01/26/2016 09:54:47:488 PM IST: Thread[http-bio-80-exec-9,5,main]
OAuth.getContentStreamByGET: HTTP Conn OK
amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
OAuth.process(): Profile Svc response: {  "firstName": "Saikumar",  "headline": "Attended DR MFGR",  "id": "FJFJdE6tXR",  "lastName": "T V",  "siteStandardProfileRequest": {"url": "https://www.linkedin.com/profile/view?id=466325082&authType=name&authToken=hUD6&trk=api*a4228273*s4295213*"}}
amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
defaultAttributeMapper.getAttributes: {id=uid, emailaddress=mail}
amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
defaultAttributeMapper.getAttributes: id:uid
amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
defaultAttributeMapper.getAttributes: emailaddress:mail
amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
ERROR: defaultAttributeMapper.getAttributes: Could not get the attributeemailaddress
org.json.JSONException: JSONObject["emailaddress"] not found.
at org.json.JSONObject.get(JSONObject.java:498)
at org.json.JSONObject.getString(JSONObject.java:669)
at org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper.getAttributes(JsonAttributeMapper.java:107)
at org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper.getAttributes(JsonAttributeMapper.java:45)
at org.forgerock.openam.authentication.modules.oauth2.OAuth.getAttributes(OAuth.java:536)
at org.forgerock.openam.authentication.modules.oauth2.OAuth.process(OAuth.java:283)
at com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:1023)
at com.sun.identity.authentication.spi.AMLoginModule.login(AMLoginModule.java:1197)
at sun.reflect.GeneratedMethodAccessor60.invoke(Unknown Source)


Regards

Sai

On Tue, Jan 26, 2016 at 9:23 PM, Saikumar Thalupuru <[hidden email]> wrote:
Bernhard,


Yes,  I do see error while try to get the attribute emailattribute error..

Authentication log in Debug directory:

amAuth:01/26/2016 07:47:15:474 PM IST: Thread[http-bio-80-exec-4,5,main]
ERROR: defaultAttributeMapper.getAttributes: Could not get the attribute emailaddress
org.json.JSONException: JSONObject["emailaddress"] not found.


Below is the mapping which I have currently

OpenAM Attribute map:

org-forgerock-auth-oauth-attribute-mapper-configuration=id=uid
org-forgerock-auth-oauth-attribute-mapper-configuration=firstName=givenName
org-forgerock-auth-oauth-attribute-mapper-configuration=lastName=sn
org-forgerock-auth-oauth-attribute-mapper-configuration=emailaddress=mail

Linkedin Oauth Scope

Default Application Permissions

r_basicprofile

r_emailaddress

Thanks

Sai

On Tue, Jan 26, 2016 at 8:07 PM, Saikumar Thalupuru <[hidden email]> wrote:
Hi Brenhrard,

I configured Linkedin as social authentication to my realm.. when I try to login as linkedin user.. OpenAM is trying to a create a new user... which is fine...

In this scenario, is there a way to map the linkedin user profile to existing OpenAM user profile based on the email ID.

Thank

Sai

On Sun, Jan 24, 2016 at 8:37 PM, Saikumar Thalupuru <[hidden email]> wrote:
Hi All,

Is there a way to map the social authenticated (Linked in) user based on email or any other attribute to local user, before we create a profile dynamically in Data store ?

--
Thanks
 
Saikumar T



--
Thanks
 
Saikumar T



--
Thanks
 
Saikumar T



--
Thanks
 
Saikumar T

_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam

Authentication (160K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: User map between local users and Linked in Social authenticated users in Openam 12

Bernhard Thalmayr
Am 26/01/16 um 17:36 schrieb Saikumar Thalupuru:
> Hi Bernhard,
>
> Could you review attached message log..
>
>
> I do see mail id is not coming as part Linkedin OAuth Scope from
> Linkedin. Do I have to do any specific changes in OpenAM config which  I
> missed unintentionally.


Either a different scope is needed or you need to revistig the
configuration on LinkedIn side.

-Bernhard

>
>
> access_token:
> AQUxNuJceHkd2Kx3CAcPlIexVPUDdAxZHCnxe2UeaLIrlq3oEPr6ULOUeuAqaPhS9VmUSRz9a7k7Mjr5Z2F6zf0WvdRgpkGAV4wUvty4QftRets2l2HkCf3FQ-H0rLDWrh1fBtVR8kE7fdYi4CDq9SB8jXpj-8XpfjteUJN3W3PBuHbKczw
> amAuth:01/26/2016 09:54:46:723 PM IST: Thread[http-bio-80-exec-9,5,main]
> service url: https://api.linkedin.com/v1/people/~?format=json
> amAuth:01/26/2016 09:54:47:488 PM IST: Thread[http-bio-80-exec-9,5,main]
> OAuth.getContentStreamByGET: HTTP Conn OK
> amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
> OAuth.process(): Profile Svc response: {  "firstName": "Saikumar",
>  "headline": "Attended DR MFGR",  "id": "FJFJdE6tXR",  "lastName": "T
> V",  "siteStandardProfileRequest": {"url":
> "https://www.linkedin.com/profile/view?id=466325082&authType=name&authToken=hUD6&trk=api*a4228273*s4295213*"}}
> amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
> defaultAttributeMapper.getAttributes: {id=uid, emailaddress=mail}
> amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
> defaultAttributeMapper.getAttributes: id:uid
> amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
> defaultAttributeMapper.getAttributes: emailaddress:mail
> amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
> ERROR: defaultAttributeMapper.getAttributes: Could not get the
> attributeemailaddress
> org.json.JSONException: JSONObject["emailaddress"] not found.
> at org.json.JSONObject.get(JSONObject.java:498)
> at org.json.JSONObject.getString(JSONObject.java:669)
> at
> org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper.getAttributes(JsonAttributeMapper.java:107)
> at
> org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper.getAttributes(JsonAttributeMapper.java:45)
> at
> org.forgerock.openam.authentication.modules.oauth2.OAuth.getAttributes(OAuth.java:536)
> at
> org.forgerock.openam.authentication.modules.oauth2.OAuth.process(OAuth.java:283)
> at
> com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:1023)
> at
> com.sun.identity.authentication.spi.AMLoginModule.login(AMLoginModule.java:1197)
> at sun.reflect.GeneratedMethodAccessor60.invoke(Unknown Source)
>
>
> Regards
>
> Sai
>
> On Tue, Jan 26, 2016 at 9:23 PM, Saikumar Thalupuru
> <[hidden email] <mailto:[hidden email]>> wrote:
>
>     Bernhard,
>
>
>     Yes,  I do see error while try to get the attribute emailattribute
>     error..
>
>     Authentication log in Debug directory:
>
>     amAuth:01/26/2016 07:47:15:474 PM IST: Thread[http-bio-80-exec-4,5,main]
>     ERROR: defaultAttributeMapper.getAttributes: Could not get the
>     attribute emailaddress
>     org.json.JSONException: JSONObject["emailaddress"] not found.
>
>
>     Below is the mapping which I have currently
>
>     *OpenAM Attribute map:*
>
>     org-forgerock-auth-oauth-attribute-mapper-configuration=id=uid
>     org-forgerock-auth-oauth-attribute-mapper-configuration=firstName=givenName
>     org-forgerock-auth-oauth-attribute-mapper-configuration=lastName=sn
>     org-forgerock-auth-oauth-attribute-mapper-configuration=emailaddress=mail
>
>     *_Linkedin Oauth Scope_*
>
>     Default Application Permissions
>
>     r_basicprofile
>
>     r_emailaddress
>
>     Thanks
>
>     Sai
>
>     On Tue, Jan 26, 2016 at 8:07 PM, Saikumar Thalupuru
>     <[hidden email] <mailto:[hidden email]>> wrote:
>
>         Hi Brenhrard,
>
>         I configured Linkedin as social authentication to my realm..
>         when I try to login as linkedin user.. OpenAM is trying to a
>         create a new user... which is fine...
>
>         In this scenario, is there a way to map the linkedin user
>         profile to existing OpenAM user profile based on the email ID.
>
>         Thank
>
>         Sai
>
>         On Sun, Jan 24, 2016 at 8:37 PM, Saikumar Thalupuru
>         <[hidden email] <mailto:[hidden email]>> wrote:
>
>             Hi All,
>
>             Is there a way to map the social authenticated (Linked in)
>             user based on email or any other attribute to local user,
>             before we create a profile dynamically in Data store ?
>
>             --
>             Thanks
>              
>             Saikumar T
>
>
>
>
>         --
>         Thanks
>          
>         Saikumar T
>
>
>
>
>     --
>     Thanks
>      
>     Saikumar T
>
>
>
>
> --
> Thanks
>  
> Saikumar T
>
>
> _______________________________________________
> Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
> OpenAM mailing list
> [hidden email]
> https://lists.forgerock.org/mailman/listinfo/openam
>


--
Painstaking Minds
IT-Consulting Bernhard Thalmayr
Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
Tel: +49 (0)8062 7769174
Mobile: +49 (0)176 55060699

[hidden email] - Solution Architect
http://www.xing.com/profile/Bernhard_Thalmayr
http://de.linkedin.com/in/bernhardthalmayr

This e-mail may contain confidential and/or privileged information.If
you are not the intended recipient (or have received this email in
error) please notify the sender immediately and delete this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.
_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Reply | Threaded
Open this post in threaded view
|

Re: User map between local users and Linked in Social authenticated users in Openam 12

Bernhard Thalmayr
In reply to this post by Saikumar Thalupuru
You may check Peter's blog as well

http://blogs.forgerock.org/petermajor/2015/12/how-to-configure-social-authentication-with-linkedin/


-Bernhard

Am 26/01/16 um 17:36 schrieb Saikumar Thalupuru:

> Hi Bernhard,
>
> Could you review attached message log..
>
>
> I do see mail id is not coming as part Linkedin OAuth Scope from
> Linkedin. Do I have to do any specific changes in OpenAM config which  I
> missed unintentionally.
>
>
> access_token:
> AQUxNuJceHkd2Kx3CAcPlIexVPUDdAxZHCnxe2UeaLIrlq3oEPr6ULOUeuAqaPhS9VmUSRz9a7k7Mjr5Z2F6zf0WvdRgpkGAV4wUvty4QftRets2l2HkCf3FQ-H0rLDWrh1fBtVR8kE7fdYi4CDq9SB8jXpj-8XpfjteUJN3W3PBuHbKczw
> amAuth:01/26/2016 09:54:46:723 PM IST: Thread[http-bio-80-exec-9,5,main]
> service url: https://api.linkedin.com/v1/people/~?format=json
> amAuth:01/26/2016 09:54:47:488 PM IST: Thread[http-bio-80-exec-9,5,main]
> OAuth.getContentStreamByGET: HTTP Conn OK
> amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
> OAuth.process(): Profile Svc response: {  "firstName": "Saikumar",
>  "headline": "Attended DR MFGR",  "id": "FJFJdE6tXR",  "lastName": "T
> V",  "siteStandardProfileRequest": {"url":
> "https://www.linkedin.com/profile/view?id=466325082&authType=name&authToken=hUD6&trk=api*a4228273*s4295213*"}}
> amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
> defaultAttributeMapper.getAttributes: {id=uid, emailaddress=mail}
> amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
> defaultAttributeMapper.getAttributes: id:uid
> amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
> defaultAttributeMapper.getAttributes: emailaddress:mail
> amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
> ERROR: defaultAttributeMapper.getAttributes: Could not get the
> attributeemailaddress
> org.json.JSONException: JSONObject["emailaddress"] not found.
> at org.json.JSONObject.get(JSONObject.java:498)
> at org.json.JSONObject.getString(JSONObject.java:669)
> at
> org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper.getAttributes(JsonAttributeMapper.java:107)
> at
> org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper.getAttributes(JsonAttributeMapper.java:45)
> at
> org.forgerock.openam.authentication.modules.oauth2.OAuth.getAttributes(OAuth.java:536)
> at
> org.forgerock.openam.authentication.modules.oauth2.OAuth.process(OAuth.java:283)
> at
> com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:1023)
> at
> com.sun.identity.authentication.spi.AMLoginModule.login(AMLoginModule.java:1197)
> at sun.reflect.GeneratedMethodAccessor60.invoke(Unknown Source)
>
>
> Regards
>
> Sai
>
> On Tue, Jan 26, 2016 at 9:23 PM, Saikumar Thalupuru
> <[hidden email] <mailto:[hidden email]>> wrote:
>
>     Bernhard,
>
>
>     Yes,  I do see error while try to get the attribute emailattribute
>     error..
>
>     Authentication log in Debug directory:
>
>     amAuth:01/26/2016 07:47:15:474 PM IST: Thread[http-bio-80-exec-4,5,main]
>     ERROR: defaultAttributeMapper.getAttributes: Could not get the
>     attribute emailaddress
>     org.json.JSONException: JSONObject["emailaddress"] not found.
>
>
>     Below is the mapping which I have currently
>
>     *OpenAM Attribute map:*
>
>     org-forgerock-auth-oauth-attribute-mapper-configuration=id=uid
>     org-forgerock-auth-oauth-attribute-mapper-configuration=firstName=givenName
>     org-forgerock-auth-oauth-attribute-mapper-configuration=lastName=sn
>     org-forgerock-auth-oauth-attribute-mapper-configuration=emailaddress=mail
>
>     *_Linkedin Oauth Scope_*
>
>     Default Application Permissions
>
>     r_basicprofile
>
>     r_emailaddress
>
>     Thanks
>
>     Sai
>
>     On Tue, Jan 26, 2016 at 8:07 PM, Saikumar Thalupuru
>     <[hidden email] <mailto:[hidden email]>> wrote:
>
>         Hi Brenhrard,
>
>         I configured Linkedin as social authentication to my realm..
>         when I try to login as linkedin user.. OpenAM is trying to a
>         create a new user... which is fine...
>
>         In this scenario, is there a way to map the linkedin user
>         profile to existing OpenAM user profile based on the email ID.
>
>         Thank
>
>         Sai
>
>         On Sun, Jan 24, 2016 at 8:37 PM, Saikumar Thalupuru
>         <[hidden email] <mailto:[hidden email]>> wrote:
>
>             Hi All,
>
>             Is there a way to map the social authenticated (Linked in)
>             user based on email or any other attribute to local user,
>             before we create a profile dynamically in Data store ?
>
>             --
>             Thanks
>              
>             Saikumar T
>
>
>
>
>         --
>         Thanks
>          
>         Saikumar T
>
>
>
>
>     --
>     Thanks
>      
>     Saikumar T
>
>
>
>
> --
> Thanks
>  
> Saikumar T
>
>
> _______________________________________________
> Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
> OpenAM mailing list
> [hidden email]
> https://lists.forgerock.org/mailman/listinfo/openam
>


--
Painstaking Minds
IT-Consulting Bernhard Thalmayr
Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
Tel: +49 (0)8062 7769174
Mobile: +49 (0)176 55060699

[hidden email] - Solution Architect
http://www.xing.com/profile/Bernhard_Thalmayr
http://de.linkedin.com/in/bernhardthalmayr

This e-mail may contain confidential and/or privileged information.If
you are not the intended recipient (or have received this email in
error) please notify the sender immediately and delete this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.
_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Reply | Threaded
Open this post in threaded view
|

Re: User map between local users and Linked in Social authenticated users in Openam 12

Saikumar Thalupuru
In reply to this post by Saikumar Thalupuru
Hi Bernhard,


You are right.. I think I need to use different scope (https://api.linkedin.com/v1/people/~/email-address). I found it and got the email id in the message log.. however I may required to extend the  out of the box attribuemap class to allow email-address scope value.



Regards

Sai

On Tue, Jan 26, 2016 at 10:06 PM, Saikumar Thalupuru <[hidden email]> wrote:
Hi Bernhard,

Could you review attached message log.. 


I do see mail id is not coming as part Linkedin OAuth Scope from Linkedin. Do I have to do any specific changes in OpenAM config which  I missed unintentionally.


access_token: AQUxNuJceHkd2Kx3CAcPlIexVPUDdAxZHCnxe2UeaLIrlq3oEPr6ULOUeuAqaPhS9VmUSRz9a7k7Mjr5Z2F6zf0WvdRgpkGAV4wUvty4QftRets2l2HkCf3FQ-H0rLDWrh1fBtVR8kE7fdYi4CDq9SB8jXpj-8XpfjteUJN3W3PBuHbKczw
amAuth:01/26/2016 09:54:46:723 PM IST: Thread[http-bio-80-exec-9,5,main]
amAuth:01/26/2016 09:54:47:488 PM IST: Thread[http-bio-80-exec-9,5,main]
OAuth.getContentStreamByGET: HTTP Conn OK
amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
OAuth.process(): Profile Svc response: {  "firstName": "Saikumar",  "headline": "Attended DR MFGR",  "id": "FJFJdE6tXR",  "lastName": "T V",  "siteStandardProfileRequest": {"url": "https://www.linkedin.com/profile/view?id=466325082&authType=name&authToken=hUD6&trk=api*a4228273*s4295213*"}}
amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
defaultAttributeMapper.getAttributes: {id=uid, emailaddress=mail}
amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
defaultAttributeMapper.getAttributes: id:uid
amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
defaultAttributeMapper.getAttributes: emailaddress:mail
amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
ERROR: defaultAttributeMapper.getAttributes: Could not get the attributeemailaddress
org.json.JSONException: JSONObject["emailaddress"] not found.
at org.json.JSONObject.get(JSONObject.java:498)
at org.json.JSONObject.getString(JSONObject.java:669)
at org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper.getAttributes(JsonAttributeMapper.java:107)
at org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper.getAttributes(JsonAttributeMapper.java:45)
at org.forgerock.openam.authentication.modules.oauth2.OAuth.getAttributes(OAuth.java:536)
at org.forgerock.openam.authentication.modules.oauth2.OAuth.process(OAuth.java:283)
at com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:1023)
at com.sun.identity.authentication.spi.AMLoginModule.login(AMLoginModule.java:1197)
at sun.reflect.GeneratedMethodAccessor60.invoke(Unknown Source)


Regards

Sai

On Tue, Jan 26, 2016 at 9:23 PM, Saikumar Thalupuru <[hidden email]> wrote:
Bernhard,


Yes,  I do see error while try to get the attribute emailattribute error..

Authentication log in Debug directory:

amAuth:01/26/2016 07:47:15:474 PM IST: Thread[http-bio-80-exec-4,5,main]
ERROR: defaultAttributeMapper.getAttributes: Could not get the attribute emailaddress
org.json.JSONException: JSONObject["emailaddress"] not found.


Below is the mapping which I have currently

OpenAM Attribute map:

org-forgerock-auth-oauth-attribute-mapper-configuration=id=uid
org-forgerock-auth-oauth-attribute-mapper-configuration=firstName=givenName
org-forgerock-auth-oauth-attribute-mapper-configuration=lastName=sn
org-forgerock-auth-oauth-attribute-mapper-configuration=emailaddress=mail

Linkedin Oauth Scope

Default Application Permissions

r_basicprofile

r_emailaddress

Thanks

Sai

On Tue, Jan 26, 2016 at 8:07 PM, Saikumar Thalupuru <[hidden email]> wrote:
Hi Brenhrard,

I configured Linkedin as social authentication to my realm.. when I try to login as linkedin user.. OpenAM is trying to a create a new user... which is fine...

In this scenario, is there a way to map the linkedin user profile to existing OpenAM user profile based on the email ID.

Thank

Sai

On Sun, Jan 24, 2016 at 8:37 PM, Saikumar Thalupuru <[hidden email]> wrote:
Hi All,

Is there a way to map the social authenticated (Linked in) user based on email or any other attribute to local user, before we create a profile dynamically in Data store ?

--
Thanks
 
Saikumar T



--
Thanks
 
Saikumar T



--
Thanks
 
Saikumar T



--
Thanks
 
Saikumar T



--
Thanks
 
Saikumar T

_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Reply | Threaded
Open this post in threaded view
|

Re: User map between local users and Linked in Social authenticated users in Openam 12

Bernhard Thalmayr
There is a 'Scope' property in the config section for the OAUTH2 auth
module instance ....

-Bernhard

Am 26/01/16 um 19:03 schrieb Saikumar Thalupuru:

> Hi Bernhard,
>
>
> You are right.. I think I need to use different scope
> (https://api.linkedin.com/v1/people/~/email-address). I found it and got
> the email id in the message log.. however I may required to extend the
> Â out of the box attribuemap class to allow email-address scope value.
>
>
> https://developer-programs.linkedin.com/oauth-10a-overview
>
> Regards
>
> Sai
>
> On Tue, Jan 26, 2016 at 10:06 PM, Saikumar Thalupuru
> <[hidden email] <mailto:[hidden email]>> wrote:
>
>     Hi Bernhard,
>
>     Could you review attached message log..Â
>
>
>     I do see mail id is not coming as part Linkedin OAuth Scope from
>     Linkedin. Do I have to do any specific changes in OpenAM config
>     which  I missed unintentionally.
>
>
>     access_token:
>     AQUxNuJceHkd2Kx3CAcPlIexVPUDdAxZHCnxe2UeaLIrlq3oEPr6ULOUeuAqaPhS9VmUSRz9a7k7Mjr5Z2F6zf0WvdRgpkGAV4wUvty4QftRets2l2HkCf3FQ-H0rLDWrh1fBtVR8kE7fdYi4CDq9SB8jXpj-8XpfjteUJN3W3PBuHbKczw
>     amAuth:01/26/2016 09:54:46:723 PM IST: Thread[http-bio-80-exec-9,5,main]
>     service url: https://api.linkedin.com/v1/people/~?format=json
>     amAuth:01/26/2016 09:54:47:488 PM IST: Thread[http-bio-80-exec-9,5,main]
>     OAuth.getContentStreamByGET: HTTP Conn OK
>     amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
>     OAuth.process(): Profile Svc response: { Â "firstName": "Saikumar",
>     Â "headline": "Attended DR MFGR", Â "id": "FJFJdE6tXR",
>     Â "lastName": "T V", Â "siteStandardProfileRequest": {"url":
>     "https://www.linkedin.com/profile/view?id=466325082&authType=name&authToken=hUD6&trk=api*a4228273*s4295213*"}}
>     amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
>     defaultAttributeMapper.getAttributes: {id=uid, emailaddress=mail}
>     amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
>     defaultAttributeMapper.getAttributes: id:uid
>     amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
>     defaultAttributeMapper.getAttributes: emailaddress:mail
>     amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
>     ERROR: defaultAttributeMapper.getAttributes: Could not get the
>     attributeemailaddress
>     org.json.JSONException: JSONObject["emailaddress"] not found.
>     at org.json.JSONObject.get(JSONObject.java:498)
>     at org.json.JSONObject.getString(JSONObject.java:669)
>     at
>     org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper.getAttributes(JsonAttributeMapper.java:107)
>     at
>     org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper.getAttributes(JsonAttributeMapper.java:45)
>     at
>     org.forgerock.openam.authentication.modules.oauth2.OAuth.getAttributes(OAuth.java:536)
>     at
>     org.forgerock.openam.authentication.modules.oauth2.OAuth.process(OAuth.java:283)
>     at
>     com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:1023)
>     at
>     com.sun.identity.authentication.spi.AMLoginModule.login(AMLoginModule.java:1197)
>     at sun.reflect.GeneratedMethodAccessor60.invoke(Unknown Source)
>
>
>     Regards
>
>     Sai
>
>     On Tue, Jan 26, 2016 at 9:23 PM, Saikumar Thalupuru
>     <[hidden email] <mailto:[hidden email]>> wrote:
>
>         Bernhard,
>
>
>         Yes, Â I do see error while try to get the attribute
>         emailattribute error..
>
>         Authentication log in Debug directory:
>
>         amAuth:01/26/2016 07:47:15:474 PM IST:
>         Thread[http-bio-80-exec-4,5,main]
>         ERROR: defaultAttributeMapper.getAttributes: Could not get the
>         attribute emailaddress
>         org.json.JSONException: JSONObject["emailaddress"] not found.
>
>
>         Below is the mapping which I have currently
>
>         *OpenAM Attribute map:*
>
>         org-forgerock-auth-oauth-attribute-mapper-configuration=id=uid
>         org-forgerock-auth-oauth-attribute-mapper-configuration=firstName=givenName
>         org-forgerock-auth-oauth-attribute-mapper-configuration=lastName=sn
>         org-forgerock-auth-oauth-attribute-mapper-configuration=emailaddress=mail
>
>         *_Linkedin Oauth Scope_*
>
>         Default Application Permissions
>
>         r_basicprofile
>
>         r_emailaddress
>
>         Thanks
>
>         Sai
>
>         On Tue, Jan 26, 2016 at 8:07 PM, Saikumar Thalupuru
>         <[hidden email] <mailto:[hidden email]>> wrote:
>
>             Hi Brenhrard,
>
>             I configured Linkedin as social authentication to my realm..
>             when I try to login as linkedin user.. OpenAM is trying to a
>             create a new user... which is fine...
>
>             In this scenario, is there a way to map the linkedin user
>             profile to existing OpenAM user profile based on the email ID.
>
>             Thank
>
>             Sai
>
>             On Sun, Jan 24, 2016 at 8:37 PM, Saikumar Thalupuru
>             <[hidden email] <mailto:[hidden email]>>
>             wrote:
>
>                 Hi All,
>
>                 Is there a way to map the social authenticated (Linked
>                 in) user based on email or any other attribute to local
>                 user, before we create a profile dynamically in Data store ?
>
>                 --
>                 Thanks
>                 Â
>                 Saikumar T
>
>
>
>
>             --
>             Thanks
>             Â
>             Saikumar T
>
>
>
>
>         --
>         Thanks
>         Â
>         Saikumar T
>
>
>
>
>     --
>     Thanks
>     Â
>     Saikumar T
>
>
>
>
> --
> Thanks
> Â
> Saikumar T
>
>
> _______________________________________________
> Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
> OpenAM mailing list
> [hidden email]
> https://lists.forgerock.org/mailman/listinfo/openam
>


--
Painstaking Minds
IT-Consulting Bernhard Thalmayr
Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
Tel: +49 (0)8062 7769174
Mobile: +49 (0)176 55060699

[hidden email] - Solution Architect
http://www.xing.com/profile/Bernhard_Thalmayr
http://de.linkedin.com/in/bernhardthalmayr

This e-mail may contain confidential and/or privileged information.If
you are not the intended recipient (or have received this email in
error) please notify the sender immediately and delete this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.
_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Reply | Threaded
Open this post in threaded view
|

Re: User map between local users and Linked in Social authenticated users in Openam 12

Saikumar Thalupuru
In reply to this post by Saikumar Thalupuru
r_emailaddress is the value for the scope attribute in the authentication module.. but this will use receive the attribute named as "email-address"

I have updated the same in attribute mapping too, but no luck..

email-address=mail


Linkedin OAuth API Trace


Connection:
keep-alive
Content-Type:
text/xml;charset=UTF-8
Server:
Apache-Coyote/1.1

<?xml version="1.0" encoding="UTF-8"?>
<email-address>[hidden email]</email-address>




On Tue, Jan 26, 2016 at 11:33 PM, Saikumar Thalupuru <[hidden email]> wrote:
Hi Bernhard,


You are right.. I think I need to use different scope (https://api.linkedin.com/v1/people/~/email-address). I found it and got the email id in the message log.. however I may required to extend the  out of the box attribuemap class to allow email-address scope value.



Regards

Sai

On Tue, Jan 26, 2016 at 10:06 PM, Saikumar Thalupuru <[hidden email]> wrote:
Hi Bernhard,

Could you review attached message log.. 


I do see mail id is not coming as part Linkedin OAuth Scope from Linkedin. Do I have to do any specific changes in OpenAM config which  I missed unintentionally.


access_token: AQUxNuJceHkd2Kx3CAcPlIexVPUDdAxZHCnxe2UeaLIrlq3oEPr6ULOUeuAqaPhS9VmUSRz9a7k7Mjr5Z2F6zf0WvdRgpkGAV4wUvty4QftRets2l2HkCf3FQ-H0rLDWrh1fBtVR8kE7fdYi4CDq9SB8jXpj-8XpfjteUJN3W3PBuHbKczw
amAuth:01/26/2016 09:54:46:723 PM IST: Thread[http-bio-80-exec-9,5,main]
amAuth:01/26/2016 09:54:47:488 PM IST: Thread[http-bio-80-exec-9,5,main]
OAuth.getContentStreamByGET: HTTP Conn OK
amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
OAuth.process(): Profile Svc response: {  "firstName": "Saikumar",  "headline": "Attended DR MFGR",  "id": "FJFJdE6tXR",  "lastName": "T V",  "siteStandardProfileRequest": {"url": "https://www.linkedin.com/profile/view?id=466325082&authType=name&authToken=hUD6&trk=api*a4228273*s4295213*"}}
amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
defaultAttributeMapper.getAttributes: {id=uid, emailaddress=mail}
amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
defaultAttributeMapper.getAttributes: id:uid
amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
defaultAttributeMapper.getAttributes: emailaddress:mail
amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
ERROR: defaultAttributeMapper.getAttributes: Could not get the attributeemailaddress
org.json.JSONException: JSONObject["emailaddress"] not found.
at org.json.JSONObject.get(JSONObject.java:498)
at org.json.JSONObject.getString(JSONObject.java:669)
at org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper.getAttributes(JsonAttributeMapper.java:107)
at org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper.getAttributes(JsonAttributeMapper.java:45)
at org.forgerock.openam.authentication.modules.oauth2.OAuth.getAttributes(OAuth.java:536)
at org.forgerock.openam.authentication.modules.oauth2.OAuth.process(OAuth.java:283)
at com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:1023)
at com.sun.identity.authentication.spi.AMLoginModule.login(AMLoginModule.java:1197)
at sun.reflect.GeneratedMethodAccessor60.invoke(Unknown Source)


Regards

Sai

On Tue, Jan 26, 2016 at 9:23 PM, Saikumar Thalupuru <[hidden email]> wrote:
Bernhard,


Yes,  I do see error while try to get the attribute emailattribute error..

Authentication log in Debug directory:

amAuth:01/26/2016 07:47:15:474 PM IST: Thread[http-bio-80-exec-4,5,main]
ERROR: defaultAttributeMapper.getAttributes: Could not get the attribute emailaddress
org.json.JSONException: JSONObject["emailaddress"] not found.


Below is the mapping which I have currently

OpenAM Attribute map:

org-forgerock-auth-oauth-attribute-mapper-configuration=id=uid
org-forgerock-auth-oauth-attribute-mapper-configuration=firstName=givenName
org-forgerock-auth-oauth-attribute-mapper-configuration=lastName=sn
org-forgerock-auth-oauth-attribute-mapper-configuration=emailaddress=mail

Linkedin Oauth Scope

Default Application Permissions

r_basicprofile

r_emailaddress

Thanks

Sai

On Tue, Jan 26, 2016 at 8:07 PM, Saikumar Thalupuru <[hidden email]> wrote:
Hi Brenhrard,

I configured Linkedin as social authentication to my realm.. when I try to login as linkedin user.. OpenAM is trying to a create a new user... which is fine...

In this scenario, is there a way to map the linkedin user profile to existing OpenAM user profile based on the email ID.

Thank

Sai

On Sun, Jan 24, 2016 at 8:37 PM, Saikumar Thalupuru <[hidden email]> wrote:
Hi All,

Is there a way to map the social authenticated (Linked in) user based on email or any other attribute to local user, before we create a profile dynamically in Data store ?

--
Thanks
 
Saikumar T



--
Thanks
 
Saikumar T



--
Thanks
 
Saikumar T



--
Thanks
 
Saikumar T



--
Thanks
 
Saikumar T



--
Thanks
 
Saikumar T

_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Reply | Threaded
Open this post in threaded view
|

Re: User map between local users and Linked in Social authenticated users in Openam 12

Saikumar Thalupuru
below is the log snippet.

amAuth:01/26/2016 11:37:49:609 PM IST: Thread[http-bio-80-exec-6,5,main]
OAuth.process(): Profile Svc response: <?xml version="1.0" encoding="UTF-8" standalone="yes"?><email-address>[hidden email]</email-address>
amAuth:01/26/2016 11:37:49:609 PM IST: Thread[http-bio-80-exec-6,5,main]
defaultAttributeMapper.getAttributes: {email-address=mail}
amAuth:01/26/2016 11:37:49:609 PM IST: Thread[http-bio-80-exec-6,5,main]
ERROR: OAuth.process(): JSONException: A JSONObject text must begin with '{' at character 1
amLoginModule:01/26/2016 11:37:49:609 PM IST: Thread[http-bio-80-exec-6,5,main]
SETTING Failure Module name.... :linkedin
amJAAS:01/26/2016 11:37:49:609 PM IST: Thread[http-bio-80-exec-6,5,main]
Method login LoginModuleControlFlag: required failure.
amLoginModule:01/26/2016 11:37:49:609 PM IST: Thread[http-bio-80-exec-6,5,main]
ABORT return.... false
amJAAS:01/26/2016 11:37:49:609 PM IST: Thread[http-bio-80-exec-6,5,main]
abort ignored
amAuth:01/26/2016 11:37:49:609 PM IST: Thread[http-bio-80-exec-6,5,main]
LOGINFAILED Error....
amAuth:01/26/2016 11:37:49:609 PM IST: Thread[http-bio-80-exec-6,5,main]
Exception :
com.sun.identity.authentication.spi.AuthLoginException
        at org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper.getAttributes(JsonAttributeMapper.java:88)
        at org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper.getAttributes(JsonAttributeMapper.java:45)
        at org.forgerock.openam.authentication.modules.oauth2.OAuth.getAttributes(OAuth.java:536)
        at org.forgerock.openam.authentication.modules.oauth2.OAuth.process(OAuth.java:283)
        at com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:1023)
        at com.sun.identity.authentication.spi.AMLoginModule.login(AMLoginModule.java:1197)
        at sun.reflect.GeneratedMethodAccessor60.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)


On Tue, Jan 26, 2016 at 11:54 PM, Saikumar Thalupuru <[hidden email]> wrote:
r_emailaddress is the value for the scope attribute in the authentication module.. but this will use receive the attribute named as "email-address"

I have updated the same in attribute mapping too, but no luck..

email-address=mail


Linkedin OAuth API Trace


Connection:
keep-alive
Content-Type:
text/xml;charset=UTF-8
Server:
Apache-Coyote/1.1

<?xml version="1.0" encoding="UTF-8"?>
<email-address>[hidden email]</email-address>




On Tue, Jan 26, 2016 at 11:33 PM, Saikumar Thalupuru <[hidden email]> wrote:
Hi Bernhard,


You are right.. I think I need to use different scope (https://api.linkedin.com/v1/people/~/email-address). I found it and got the email id in the message log.. however I may required to extend the  out of the box attribuemap class to allow email-address scope value.



Regards

Sai

On Tue, Jan 26, 2016 at 10:06 PM, Saikumar Thalupuru <[hidden email]> wrote:
Hi Bernhard,

Could you review attached message log.. 


I do see mail id is not coming as part Linkedin OAuth Scope from Linkedin. Do I have to do any specific changes in OpenAM config which  I missed unintentionally.


access_token: AQUxNuJceHkd2Kx3CAcPlIexVPUDdAxZHCnxe2UeaLIrlq3oEPr6ULOUeuAqaPhS9VmUSRz9a7k7Mjr5Z2F6zf0WvdRgpkGAV4wUvty4QftRets2l2HkCf3FQ-H0rLDWrh1fBtVR8kE7fdYi4CDq9SB8jXpj-8XpfjteUJN3W3PBuHbKczw
amAuth:01/26/2016 09:54:46:723 PM IST: Thread[http-bio-80-exec-9,5,main]
amAuth:01/26/2016 09:54:47:488 PM IST: Thread[http-bio-80-exec-9,5,main]
OAuth.getContentStreamByGET: HTTP Conn OK
amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
OAuth.process(): Profile Svc response: {  "firstName": "Saikumar",  "headline": "Attended DR MFGR",  "id": "FJFJdE6tXR",  "lastName": "T V",  "siteStandardProfileRequest": {"url": "https://www.linkedin.com/profile/view?id=466325082&authType=name&authToken=hUD6&trk=api*a4228273*s4295213*"}}
amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
defaultAttributeMapper.getAttributes: {id=uid, emailaddress=mail}
amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
defaultAttributeMapper.getAttributes: id:uid
amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
defaultAttributeMapper.getAttributes: emailaddress:mail
amAuth:01/26/2016 09:54:47:489 PM IST: Thread[http-bio-80-exec-9,5,main]
ERROR: defaultAttributeMapper.getAttributes: Could not get the attributeemailaddress
org.json.JSONException: JSONObject["emailaddress"] not found.
at org.json.JSONObject.get(JSONObject.java:498)
at org.json.JSONObject.getString(JSONObject.java:669)
at org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper.getAttributes(JsonAttributeMapper.java:107)
at org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper.getAttributes(JsonAttributeMapper.java:45)
at org.forgerock.openam.authentication.modules.oauth2.OAuth.getAttributes(OAuth.java:536)
at org.forgerock.openam.authentication.modules.oauth2.OAuth.process(OAuth.java:283)
at com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:1023)
at com.sun.identity.authentication.spi.AMLoginModule.login(AMLoginModule.java:1197)
at sun.reflect.GeneratedMethodAccessor60.invoke(Unknown Source)


Regards

Sai

On Tue, Jan 26, 2016 at 9:23 PM, Saikumar Thalupuru <[hidden email]> wrote:
Bernhard,


Yes,  I do see error while try to get the attribute emailattribute error..

Authentication log in Debug directory:

amAuth:01/26/2016 07:47:15:474 PM IST: Thread[http-bio-80-exec-4,5,main]
ERROR: defaultAttributeMapper.getAttributes: Could not get the attribute emailaddress
org.json.JSONException: JSONObject["emailaddress"] not found.


Below is the mapping which I have currently

OpenAM Attribute map:

org-forgerock-auth-oauth-attribute-mapper-configuration=id=uid
org-forgerock-auth-oauth-attribute-mapper-configuration=firstName=givenName
org-forgerock-auth-oauth-attribute-mapper-configuration=lastName=sn
org-forgerock-auth-oauth-attribute-mapper-configuration=emailaddress=mail

Linkedin Oauth Scope

Default Application Permissions

r_basicprofile

r_emailaddress

Thanks

Sai

On Tue, Jan 26, 2016 at 8:07 PM, Saikumar Thalupuru <[hidden email]> wrote:
Hi Brenhrard,

I configured Linkedin as social authentication to my realm.. when I try to login as linkedin user.. OpenAM is trying to a create a new user... which is fine...

In this scenario, is there a way to map the linkedin user profile to existing OpenAM user profile based on the email ID.

Thank

Sai

On Sun, Jan 24, 2016 at 8:37 PM, Saikumar Thalupuru <[hidden email]> wrote:
Hi All,

Is there a way to map the social authenticated (Linked in) user based on email or any other attribute to local user, before we create a profile dynamically in Data store ?

--
Thanks
 
Saikumar T



--
Thanks
 
Saikumar T



--
Thanks
 
Saikumar T



--
Thanks
 
Saikumar T



--
Thanks
 
Saikumar T



--
Thanks
 
Saikumar T



--
Thanks
 
Saikumar T

_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam