Social Login using Oracle Mobile and Social Access Management

Overview

Purpose

In this tutorial you will learn how to configure and test social login using an Android emulator. You will also learn how to configure Facebook as an OAuth provider. The installation and configuration of the required software is not covered in this OBE.

Time to Complete

Approximately 1 hour

Introduction

The Oracle Access Management Mobile and Social service acts as an intermediary between a user seeking to access protected resources, and the back-end Access Management and Identity Management services that protect the resources. Mobile and Social provides simplified client libraries that allow developers to quickly add feature-rich authentication, authorization, and identity capabilities to registered applications.
Oracle Mobile and Social Access Management enables organizations to accept internet identities for signing on users to low value applications like blogs, communities, etc. This in turn can provide a seamless user experience for users without the burden of additional logins.
With Oracle Identity Management you are making it easier for relying parties to accept identities from internet identity providers like Facebook, Twitter, LinkedIn, Google and Yahoo.

Scenario

John works as an administrator at ABC Corporation. He is responsible for:

  • Simplifying access management in the organization.
  • Ensuring that users and the organization can access their protected resources from any of their devices, such as mobile phones and laptops.
  • Ensuring that users use their social identity to access protected resources.

To implement this solution in his company's environment quickly, easily and efficiently, he must:

  • Install Access Management using Mobile and Social
  • Configure Social login

Hardware and Software Requirements

The following is a list of software and hardware requirements:

  • Oracle Linux Version 6 Update 3 or later
  • Oracle Database 11g version 11.2.0
  • Sun JDK version 7u40
  • Oracle WebLogic Server 11g version 10.3.6
  • Oracle Identity Management Suite 11g version 11.1.2.2.0
  • Oracle Repository Creation Utility 11gR2 version 11.1.2.2.0
  • Oracle Unified Directory 11gR2 version 11.1.2.2.0
  • Android ADT Version 20131030 or later
  • One PC with at least 8GB RAM and 100GB disk space

Prerequisites

Before starting this tutorial, you should complete the following OBEs:

  • Setting up the environment for Oracle Mobile and Social Access Management hands-on
  • Configure Mobile services using Native Mobile login using Oracle Mobile and Social Access Management

Configuring Facebook as OAuth Provider

OAuth is an open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications. Online social identities allow you to access web sites using existing identities from leading social networks such as Facebook, LinkedIn, or Twitter. For this example you will configure Facebook as the Identity Provider.

Registering the LoginApp application with Facebook

You will register as a Facebook developer and then register the LoginApp application with Facebook.

  1. Log in to http://developers.facebook.com using your Facebook account.
  2. Click Apps and register as a developer.
  3. The personal information page may be skipped.
  4. Complete the registration as a developer.
  5. Register the login application. Provide the app name LoginApp and click Continue. Enter the CAPTCHA information. The LoginApp registration page should appear with the App ID and App Secret, which are generated automatically by the Facebook OAuth server.
  6. Click the WebSite with FB link field and enter the OAM server URL.
    For example: http://oam.example.com:14100/
    Click Save Changes.
    Note the App ID and App Secret (you will need them for the next step).

Configuring Facebook OAuth Provider in Oracle Access Manager

The App ID (consumer key) and App Secret generated by Facebook for LoginApp should be added to Oracle Mobile and Social Access Management.

  1. Log in to the OAM Console and navigate to Social Identity under Mobile and Social in the Launch Pad.
    Edit the Facebook OAuth Provider.
  2. Enter the App ID in the Consumer Key field and the App Secret in the Consumer Secret field on the Facebook OAuth Provider page.

You have now configured Facebook as an OAuth provider.

Configuring Oracle Access Manager for social login

Internet Identity Services provides functionality that lets the Mobile and Social solution serve as the relying party when interacting with popular, cloud-based identity authentication and authorization services, such as Google, Yahoo, Facebook, Twitter, or LinkedIn. By deploying Oracle’s Mobile and Social service, you provide the user with multiple log-in options without the need to implement access functionality for each identity provider individually.

Creating application profile

When creating the new internet application profile, you must use the same name as your previously created Application profile for the mobile application. For example, if your mobile application profile is called "LoginApp" the internet application profile should also be called "LoginApp". At this time, this is a one-to-one relationship.

  1. Navigate to Social Identity under the Mobile and Social section in the Launch Pad of the OAM Console.
    Create a new application profile. Set the following parameters for the new application profile:

    • Name: The application name. This must match the name of the mobile application profile created for your application under Mobile Services. We use LoginApp for this example.
    • Shared Secret: A password used as an encryption key between the application and OAMMS. This does not need to match any existing passwords.
    • Return URL and Mobile Application Return URL: After the Relying Party (social) login, the OAMMS server will redirect to the Android application using this URI. This URI will be registered with Android and associated with an Intent that is mapped to your sample application. This allows your sample application (and the linked SDK) to handle the post-login authentication process. Use osa:// for this lab. If you look inside your application's AndroidManifest.xml file, you will see this URI mapped to an activity that invokes the SDK.
    • Login Type: Choose to allow only internet identity authentication for this exercise.
    • Enable browser pop ups: Select No so that a new browser instance does not pop up for the login page.
    • User Registration: For our demo we assume the account is already registered. If you wish to allow user registration, enable this feature.
    • Authentication Service Endpoint: Make sure that /internetidentityauthentication is selected.
  2. Choose the Default Service Provider interface.
  3. Application to Provider Mapping: Select the social login providers that you wish to enable. For the lab, select Facebook.
    Note: You can choose others here (e.g. Google, LinkedIn), but you must register for a developer API key with each provider.
  4. A summary for the Application profile creation is shown below

    AP_Summary
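
The Return URL mapping described in step 1, sketched as an added example (not taken from the LoginApp sample or the Oracle SDK): a manifest entry that routes the osa:// redirect to an activity. The package and activity names are hypothetical; only the osa scheme comes from this tutorial.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added illustration. Package and activity names are hypothetical;
     only the "osa" scheme comes from the tutorial's Return URL. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.loginapp">

    <!-- The social login page is loaded over the network. -->
    <uses-permission android:name="android.permission.INTERNET" />

    <application android:label="LoginApp">

        <!-- Hypothetical activity that receives the post-login redirect
             and hands the incoming URI to the SDK. -->
        <activity
            android:name=".SocialReturnActivity"
            android:exported="true">
            <intent-filter>
                <!-- The redirect arrives as a VIEW intent carrying a URI. -->
                <action android:name="android.intent.action.VIEW" />
                <category android:name="android.intent.category.DEFAULT" />
                <!-- BROWSABLE lets the URI be opened from a web page
                     or browser, which is where the login completes. -->
                <category android:name="android.intent.category.BROWSABLE" />
                <!-- Must match the scheme of the Return URL and the
                     Mobile Application Return URL set in the
                     application profile (osa://). -->
                <data android:scheme="osa" />
            </intent-filter>
        </activity>
    </application>
</manifest>
```

A custom scheme is not reserved to a single app on Android, so keep the receiving activity limited to passing the URI to the SDK and keep the scheme identical in the manifest and in both return URL fields.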

Creating social login service domain

Create a Service Domain for social to associate Service Profiles with Application Profiles and the corresponding configuration settings.

  1. To create a service domain for social login, navigate to Mobile Services under Mobile and Social in the Launch Pad.
    Click Create under Service Domain.
  2. In this example, the domain is called "BankDomainRP". The type should be Mobile Application and the application credential type should be User Token.
  3. Select the “LoginApp” Application Profile that you created in the earlier step.
  4. Choose the Authentication, Authorization and User Profile services as shown below.

    Add profiles
  5. Enable the write option in UserProfile.
  6. A summary of the service domain is shown below.

    SD created

You have now configured social login in Oracle Access Manager.

Testing social login

Oracle Access Manager Social Identity turns social integration into an administrator action. It provides out-of-the-box support for leading social providers. It also provides increased levels of assurance as the user progresses to more secure services. Registration is simplified and single sign-on from multiple providers is provided. The user can choose an identity provider from this list.
You will log in using your Facebook ID to access a protected resource.

Checking internet connection in emulator

Before you test the social login, make sure you can reach the internet from the Android emulator's embedded browser.

  1. Start the emulator. Click the Home button. Click the Menu icon. Select the option below Manage Apps.
  2. Select More under Wireless and Network.
  3. Click Mobile Network.
  4. Select Access Point Names.
  5. Select T-Mobile US.
  6. Do not set any value for the proxy server host/port.
  7. Go back to Home, click Apps, and make sure you can access Facebook from the embedded browser.
  8. Click the Home button. Click the Menu option. Select Manage Apps.
    Find LoginApp in the list and click Clear Data. Confirm with OK.

Testing social login

  1. Click the Home button. Click the Apps button. Click LoginApp.
  2. Click the Server button. Make sure the RP (Relying Party) server details are set.
    Click Submit. Notice the mss Done and Setup Done messages.
  3. Click the Login with Social button. It should display the following screen.

    Login options
  4. Click Facebook.
  5. Log in using your Facebook login. Click Not Now.
  6. The following page is displayed.

    Approval
  7. Click Ok. These messages are displayed:
    RP Login Success
    RP Authentication Succeeded.
    Followed by the token generated.

You have now used social login to access a protected resource.

Summary

A sample Android application (LoginApp) has been deployed in an Android emulator. Social login is configured in Oracle Mobile and Social Access Management using the web console. Access to a protected resource is achieved using social login.

In this tutorial, you learned to:

  • Configure Facebook as OAuth provider
  • Configure social login in Oracle Access Manager
  • Use social login to access protected resource

Credits

  • Lead Curriculum Developer: Vandana Rajamani
  • Product Manager: Kanishk Mahajan
  • Other Contributors: Vishal Parashar
