Introduction:

Access Manager supports the different external OAuth providers for social integration. Social authentication simplifies login for end users and does not require maintaining large user stores. This authentication can be configured using the SocialAuthClass of Access Manager Identity provider. For more information see the NetIQ Access Manager documentation.

This cool solution is intended for administrators or app developers to test their applications with NAM. I will be describing how to create a sandbox application and use it with Access Manager.

How it Works:

Create an application in Instagram and configure it with Access Manager Identify provider. Access the Social class from Identity Server page, Authenticate with Instagram and access the resource protected by Access Manager.

Pre-Requisites:

• You must have a developer account with Instagram

• Access Manager 4.3 or earlier

Configuration:

Step 1 - Instagram Configuration to create an application

1. Create an Instagram application for test
   
   
   
   1. Access Instagram Developer url: https://www.instagram.com/developer/
   
   
2. If user is not logged In, click on Log In. Perform the login. If this is first time access, the following page appears:

1. Click on Register your application. Add the application name and domain. Save the information.

2. Now, Click on Register a New Client. Fill in the information as per the application. The following details are only for illustration.
   
   
   
   1. Application Name: NAMTest_Sles12
   
   
3. Description: Product

• Company Name: Novell

• Website URL: www.novell.com

• Valid redirect URIs: https://sles12-acidp.labs.blr.novell.com:8443/nidp/jsp/socialauth_return.jsp

• Contact Email: vneeraj@novell.com

• Enter the ReCaptcha code and click on Register.

3. After Successful Registration, the Application Summary page will be displayed.

• On the Manage Clients page, click on Manager for the client created.

• From the Details tab, copy the client ID and Client Secret. This will be used by Access Manager when Instagram will be configured.

6. Note that, this app is in sandbox mode.

Step 2 – Configure NAM for Instagram Authentication

1. Create a Social Auth class in NAM if it does not exist. If Social Auth exists, the same class can have multiple social authentication providers.

• Click Add on Social Auth Providers. Select “Other” in Auth Provider. Add the Following information:
  
  
  
  1. Provider Name: “Instagram”
  
  
• Consumer key: Client id of Instagram application

• Consumer Secret: Client Secret of Instagram application

• Save the configuration.

• Configure Method and Contract for this provider. For more information, see the NetIQ Access Manager Documentation.

Testing the Authentication:

1. Open the NAM IDP URL in the web browser. Select the Social class from the left drop down. Select Social Authentication card.

2. Click on the Instagram icon. It will ask for login. Do login with valid user

• Post authentication, it will ask for authorization.

4. Authorize the app and it will redirect back to the Access manager identity provider portal. Social Authentication contract will be marked as authenticated.

Troubleshooting:

During authentication, the following error may appear:

{"error_type": "OAuthForbiddenException", "error_message": "You are not a sandbox user of this client", "code": 403}

This is because the application is created in the sandbox and it’s not open for all the users. In this mode, only selected (invitation base) users can access. Users must be registered as developer in Instagram. By default, they will be in pending mode. You have to login into respective developer account and accept that. This looks to be limitation from Instagram.



Once the application is tested, it has to be enabled for live access. Submit the client from the permission section.