How to Integrate NetIQ Access Manager with external OAuth Providers


Introduction



Many organizations need or want to implement authentication through external OAuth providers such as Gmail, Hotmail, Yahoo, Twitter, Facebook, LinkedIn, Salesforce, Foursquare, MySpace and Yammer.

Several applications and portals already use external authentication; now you can use this feature for your NAM authentication too.


How does it work?
See http://code.google.com/p/socialauth/

  1. You get the API keys from providers like Facebook, Google and Yahoo. For this you need a public domain on which you plan to deploy the application. Note that your application can only run on the domain you provided while getting the keys (a public domain is mandatory for some OAuth providers, because they validate domain ownership). If you want to run it locally, please see the steps here. Follow the link below to learn how to get API keys:
    http://code.google.com/p/socialauth/wiki/GettingStarted in the "Prerequisites" section.

  • You make a request for authentication by using SocialAuth library. The library redirects the user to Facebook, Yahoo or other provider’s website where they enter the credentials.

  • The provider redirects the user back to your application with a token appended. Now you call the SocialAuth library and pass it this request token.

  • Now you can call the SocialAuth library to get information about the user, and the user's contacts, from the provider.




Setup Details



NetIQ Access Manager Identity Server setup details.




  1. Download and extract the zip file OAuthConsumer_customAuthClass_v0.1.zip.

  • Copy the dist/oauthconsumer.jar file, which contains the custom authentication class, together with its dependent library jar files, to /opt/novell/nam/idp/webapps/nidp/WEB-INF/lib on your NAM 3.2.x Identity Server(s).

  • Copy the commons-httpclient.jar, commons-io-1.4.jar, commons-lang-2.1.jar, json-200080701.jar, openid4java.jar and socialauth.jar files from extractedfolder/lib to the IDP folder /opt/novell/nam/idp/webapps/nidp/WEB-INF/lib.

  • Copy the files in the jsp folder to /opt/novell/nam/idp/webapps/nidp/jsp on the IDP.

  • Copy the socialauth folder from the images folder to /opt/novell/nam/idp/webapps/nidp/images/.

  • Copy the oauth_consumer.properties file to /opt/novell/nam/idp/webapps/nidp/WEB-INF/classes/.

  • Make sure all new files are owned by novlwww:novlwww, then restart the IDP.

  • To configure OAuth authentication, in the Administration Console, click Devices > Identity Servers > Edit > Local > Classes

  • Click New, then fill in the following fields:

    Display name: OAuthConsumerCls

    Java class: Select Other

    Java class path: com.netiq.custom.OAuthAuthenticatorClass




  • Click Next, then click New and add the following properties:

    1. If the user needs to be identified locally, add this property; otherwise ignore it. After the user authenticates at the OAuth/OpenID provider, Access Manager can associate a username from the user store with the OpenID user. With this association, Access Manager can use the policies defined for that username to enforce access to protected resources.

      com.novell.nidp.authentication.local.openid.mapUser=true

  • If the above property is set to true, NAM identifies the user locally and the following property specifies the LDAP attribute used to do so.

    com.novell.nidp.authentication.local.openid.ldapAttrName=givenName

  • If the user should be auto-provisioned when no local user exists, set the following property. The user is created from the external provider's profile attributes (for example the Facebook or Gmail user profile).

    com.novell.nidp.authentication.local.openid.autoProvision=true




  • Click finish.

  • Your NAM authentication class is now defined. Next, define a NAM Identity Server Method using the custom OAuth consumer class: click Methods.

  • Click on New

  • Fill in the following fields:

    Display name: OAuthConsumerMethod

    Class: select previously created class

    Identifies User: leave it selected

    User stores: Select from the list of all the user stores you have set up and move your choice to the left.




  • Click finish.

  • Your NAM authentication Class and Method are complete. The last Identity Server configuration task is to create a contract. Click Contracts and then click New.

  • Fill in the following fields:

    Display name: OAuthConsumerContract



    URI: Specifies a value that uniquely identifies the contract from all other contracts

    Methods and Available Methods: Specifies the authentication method to use for the contract. Select the created method and move it to the left.





  • Click Next

  • Configure a card for the contract: select an Image and fill in the Text for the tool tip.

  • Click Finish and then OK.

  • Update IDP Server
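The mapUser, ldapAttrName and autoProvision properties above decide how NAM ties the provider identity to a local user. The following Python is an added example, not the custom class's own code: it models that decision against an in-memory stand-in for the user store, assumes the provider profile has already been keyed by LDAP attribute names, and rejects an ambiguous match, which is why the mapping attribute must be unique in the user store.

```python
from dataclasses import dataclass
from typing import Optional

PREFIX = "com.novell.nidp.authentication.local.openid."

# Constructed sample of the three class properties set in the Administration Console.
CLASS_PROPERTIES = {
    PREFIX + "mapUser": "true",
    PREFIX + "ldapAttrName": "givenName",
    PREFIX + "autoProvision": "true",
}

@dataclass
class Outcome:
    status: str                 # "external", "mapped", "provisioned" or "rejected"
    local_user: Optional[dict]  # the user-store entry the session is bound to, if any
    reason: str

def _flag(props, name):
    return props.get(PREFIX + name, "false").strip().lower() == "true"

def resolve_local_user(props, profile, user_store):
    """profile: attributes the provider returned, already keyed by LDAP attribute
    name (assumption); user_store: list of dicts standing in for LDAP entries."""
    if not _flag(props, "mapUser"):
        # No local lookup at all; the session carries only the provider identity.
        return Outcome("external", None, "mapUser is false")
    attr = props.get(PREFIX + "ldapAttrName", "").strip()
    if not attr:
        return Outcome("rejected", None, "mapUser is true but ldapAttrName is not set")
    value = profile.get(attr)
    if not value:
        return Outcome("rejected", None, f"provider profile carries no {attr}")
    matches = [u for u in user_store if u.get(attr) == value]
    if len(matches) == 1:
        return Outcome("mapped", matches[0], f"matched on {attr}")
    if matches:
        # Refuse an ambiguous match instead of binding the session to the first hit;
        # this is why the mapping attribute has to be unique in the user store.
        return Outcome("rejected", None, f"{len(matches)} users share {attr}={value!r}")
    if _flag(props, "autoProvision"):
        new_user = {"cn": profile.get("mail", value), attr: value, "source": "oauth"}
        user_store.append(new_user)
        return Outcome("provisioned", new_user, "created from the provider profile")
    return Outcome("rejected", None, "no local user and autoProvision is false")
```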



Testing the configuration:



  1. Get a key from the OAuth provider by registering and providing the callback/return/success URL.

  • The following shows this for Facebook.


  • Log in with Facebook credentials and register as a developer.

  • Follow the developer registration wizard until the Application screen is displayed.

  • Click on "Create New App"

  • Enter details like the app name (any name) etc. and click the "continue" button.


  • Note down the App ID and App Secret displayed for this application, found under the Basic App Settings shown below.

  • Click on "Website with Facebook Login".

  • Disable sandbox mode and enter the OAuth callback URL http(s)://yourdomain(:port)/nidp/jsp/socialauth_return.jsp



  • Save Changes

  • The summary page then shows the settings you saved.




  • Update /opt/novell/nam/idp/webapps/nidp/WEB-INF/classes/oauth_consumer.properties

    Example for Facebook, using the App ID as the key and the App Secret as the secret (noted at step 'h' above; alternatively go to https://developers.facebook.com/apps, note down the App ID/API Key and click Show for the App Secret):


    #facebook

    graph.facebook.com.consumer_key = 1234557890

    graph.facebook.com.consumer_secret = 07fdef……….



    For additional information about above properties, please refer to http://code.google.com/p/socialauth/wiki/SampleProperties or sample properties in downloaded zip file.




  • Restart the IDP with the command "/etc/init.d/novell-idp restart".

  • Access the NetIQ Identity Server page http(s)://<<idp server>>:<<port>>/nidp or a protected resource.


  • Select the card (contract) of OAuth consumer.

  • The OAuth provider list is displayed; select the provider to use for authentication. In this example, click Facebook.



  • The browser is redirected to the OAuth provider site (Facebook); provide your credentials and submit.

  • The OAuth provider shows an authorization prompt; allow NAM as a consumer of the OAuth provider.


  • Authentication success: the page shows that you are authenticated, and the user name authenticated by the OAuth provider appears in the upper right corner.
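The oauth_consumer.properties file edited above holds the consumer secrets, so it is worth checking that every provider has a complete key/secret pair and that the file cannot be read or changed by accounts other than novlwww. The following Python is an added example, not part of the download, and works on a constructed sample in the layout shown above; the Facebook secret in it is deliberately as short as the elided one in the article.

```python
import re
import stat

# Constructed sample in the layout shown above; the values are fake and the
# Facebook secret is deliberately cut short, like the elided listing in the article.
SAMPLE = """\
#facebook
graph.facebook.com.consumer_key = 1234557890
graph.facebook.com.consumer_secret = 07fdef
#google
www.google.com.consumer_key = 0000000000.apps.example
"""

LINE_RE = re.compile(r"^\s*([^#!=:\s][^=:]*?)\s*[=:]\s*(.*?)\s*$")

def parse_properties(text):
    """Minimal Java .properties reader: '#'/'!' comments, '=' or ':' separators."""
    props = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip()[0] in "#!":
            continue
        m = LINE_RE.match(line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def check_consumers(props, min_secret_len=16):
    """Return {provider: [problems]} for each <provider>.consumer_key/_secret pair."""
    providers = {k.rsplit(".consumer_", 1)[0] for k in props if ".consumer_" in k}
    report = {}
    for p in sorted(providers):
        secret = props.get(p + ".consumer_secret")
        problems = [] if props.get(p + ".consumer_key") else ["consumer_key missing"]
        if not secret:
            problems.append("consumer_secret missing")
        elif len(secret) < min_secret_len or not re.fullmatch(r"[A-Za-z0-9_\-]+", secret):
            problems.append("consumer_secret looks truncated or is a placeholder")
        report[p] = problems
    return report

def check_mode(mode):
    """Flag st_mode bits that let users other than novlwww read or change the secrets file."""
    problems = []
    if mode & stat.S_IROTH:
        problems.append("world-readable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("group- or world-writable")
    return problems
```

Feed check_mode the st_mode from os.stat() on the real file; a mode of 0640 owned by novlwww:novlwww passes, while the common default 0644 is reported as world-readable.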




References:

  1. Wiki: http://code.google.com/p/socialauth/w/list





