Using OAuth 2.0 Through OpenAM

To enable roles mapping and username retrieval with OpenAM, perform the following configuration in the IdP:

  1. Add value isMemberOf to the LDAP User Attributes list in your Data Store.
  2. Add values uid|Username and isMemberOf|Groups to the scopes mapping in your OAuth agent configuration.

    Example configuration in Panopticon.properties:

       authentication.oauth2.client.id=panopticon
       authentication.oauth2.client.secret=password123
       authentication.oauth2.identity.attribute.roles=isMemberOf
       authentication.oauth2.identity.attribute.roles.pattern=cn=([^,]+)
       authentication.oauth2.identity.attribute.username=uid
       authentication.oauth2.identity.url=http://localhost:9080/openam/oauth2/tokeninfo
       authentication.oauth2.login.callback.url=http://localhost:8080/panopticon/server/rest/auth/login
       authentication.oauth2.login.redirect.url=
       authentication.oauth2.login.response.type=code
       authentication.oauth2.login.scope=uid isMemberOf
       authentication.oauth2.login.url=http://localhost:9080/openam/oauth2/authorize
       authentication.oauth2.logout.redirect.url=http://localhost:8080/panopticon
       authentication.oauth2.logout.url=http://localhost:9080/openam/oauth2/token/revoke
       authentication.oauth2.token.method=QUERY
       authentication.oauth2.token.url=http://localhost:9080/openam/oauth2/access_token
       authentication.type=OAUTH2
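As an added illustration of how the identity.attribute.* settings above are applied (this is not Panopticon's own code, and the JSON shape of the OpenAM tokeninfo response is a constructed assumption), the following Python reads the properties, takes the username from uid and extracts one role name from each isMemberOf DN using the roles pattern:

```python
import json
import re

# Constructed Panopticon.properties fragment: the keys and values are the
# identity.attribute.* settings from the OpenAM example above.
PROPERTIES = """
authentication.oauth2.identity.attribute.roles=isMemberOf
authentication.oauth2.identity.attribute.roles.pattern=cn=([^,]+)
authentication.oauth2.identity.attribute.username=uid
"""

# Constructed tokeninfo response. The exact JSON that OpenAM's tokeninfo
# endpoint returns is an assumption; only uid and isMemberOf matter here.
TOKENINFO = json.dumps({
    "uid": "jdoe",
    "isMemberOf": [
        "cn=Analysts,ou=groups,dc=example,dc=com",
        "cn=Report Authors,ou=groups,dc=example,dc=com",
        "ou=orphans,dc=example,dc=com",  # no cn= component, so no role
    ],
})

def load_properties(text):
    """Parse key=value lines, splitting on the first '=' only."""
    # The roles.pattern value itself contains '=', so partition, not split.
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def map_identity(props, tokeninfo_json):
    """Return (username, roles): roles.pattern applied to each roles value."""
    info = json.loads(tokeninfo_json)
    username = info.get(props["authentication.oauth2.identity.attribute.username"])
    raw = info.get(props["authentication.oauth2.identity.attribute.roles"], [])
    if isinstance(raw, str):  # a single group may arrive as a bare string
        raw = [raw]
    key = "authentication.oauth2.identity.attribute.roles.pattern"
    pattern = re.compile(props.get(key, "(.*)"))
    roles = []
    for value in raw:
        m = pattern.search(value)
        if m:  # a DN without a matching component contributes no role
            roles.append(m.group(1) if m.groups() else m.group(0))
    return username, roles
```

A DN whose cn value contains a comma would be cut at that comma by this pattern, so check your group naming convention before relying on it for role mapping.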

(c) 2013-2024 Altair Engineering Inc. All Rights Reserved.