LinkedIn Login Setup
Configure LinkedIn login via OAuth2
1. Log in to the LinkedIn Developer Portal
Log in to https://www.linkedin.com/developers/apps/new with a LinkedIn account.
2. Create an app.
If this is the very first project you create with this LinkedIn account, you will see the page below.
Fill in at least the required fields (marked with asterisks).
Choose a name for your app:
Select the LinkedIn Page of your company (if not already created, select 'Create a new LinkedIn Page'):
Upload a logo for your app (it's mandatory), check the box to accept the rules, and then click on "Create app":
Click on "Verify" to have an administrator of your Page (this may be you) approve the use of your LinkedIn Page for your app:
Click on "Generate URL" to generate the verification URL:
Copy the URL and send it to an administrator of your LinkedIn Page. Click on "I'm done":
If you are the administrator of your Page, simply open the URL in a new tab (if not, an administrator will have to do the next step). Click on "Verify".
Refresh the app creation tab: the app should now be associated with your Page.
Now go to the "Auth" tab and copy and save the Client ID and Client Secret, which will be used later during SSO configuration.
Go to the "Products" tab and select the product "Sign In with LinkedIn". Accept the terms and click on "Add product":
Refresh the page a few moments later; the product "Sign In with LinkedIn" should appear in the "Added Products" section:
3. Create a new access token
Go to the "Docs and Tools" tab and select "OAuth Token Tools". Then click on "Create Token".
Select the app; 'Member authorization code (3 legged)' is then selected automatically. Select the scopes and, after accepting the terms, click on 'Request access token'.
4. SSO Management Console configuration
From Home, select the tab "Global Method Settings" and then click "New Method" at the bottom of the page. Choose OAuth 2.0 as method type. The method class will auto-fill and you don't have to edit it.
Choose a method name, for instance linkedin.oauth2.1
Press "OK" and the method will be created. Select the "OAuth 2.0" tab and edit the fields with the information of your Project.
The Client ID and secret were generated in the 'Create an app' step above.
OAuth2.0 endpoints for LinkedIn:
Authorization Endpoint URL: https://www.linkedin.com/uas/oauth2/authorization
Scope: r_liteprofile r_emailaddress
Token Endpoint URL: https://www.linkedin.com/uas/oauth2/accessToken
UserInfo Endpoint URL: https://api.linkedin.com/v2/me
Once all the fields are filled in, press "Update". The Client Secret will be hidden from view once set.
Go back to the "Main" tab, tick the "Enabled" box, and press "Update".
Copy the redirect URI from the Redirect URI field in the OAuth 2.0 tab and paste it into the list of authorized redirect URIs for your app in the LinkedIn app console (first, go to "SampleCompanyABC" and select the 'Auth' tab --> OAuth 2.0 settings):
Click on Update.
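The requests this configuration produces, as an added example (not Ubisecure's or LinkedIn's code): the authorization request built from the endpoint and scope above, the checks applied to the callback arriving at the redirect URI, and the token request body. The client ID, redirect URI and function names are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoints and scope from the settings listed above.
AUTHORIZATION_ENDPOINT = "https://www.linkedin.com/uas/oauth2/authorization"
TOKEN_ENDPOINT = "https://www.linkedin.com/uas/oauth2/accessToken"
SCOPE = "r_liteprofile r_emailaddress"
# Constructed placeholders, not values from a real app or SSO server.
CLIENT_ID = "EXAMPLE_CLIENT_ID"
REDIRECT_URI = "https://sso.example.com/oauth2/callback"


def build_authorization_request(client_id, redirect_uri):
    """Return (url, state); keep state in the user's session."""
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": SCOPE,
        "state": state,
    })
    return f"{AUTHORIZATION_ENDPOINT}?{query}", state


def validate_callback(callback_url, expected_state, registered_redirect_uri):
    """Return the authorization code from the callback, or raise ValueError."""
    parts = urlsplit(callback_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != registered_redirect_uri:
        raise ValueError("callback does not match the registered redirect URI")
    params = parse_qs(parts.query)
    if "error" in params:
        raise ValueError("provider returned error: " + params["error"][0])
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response is not for this session")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def token_request_body(code, client_id, client_secret, redirect_uri):
    """Form body POSTed server-side to TOKEN_ENDPOINT; the secret never reaches the browser."""
    return urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": redirect_uri, "client_id": client_id,
                      "client_secret": client_secret})
```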
User Driven Federation with LinkedIn
1. Create LDIF and import to directory
Step 1: Create linkedin.ldif
# Modifying linkedin.oauth2.1 method to offer federation
dn: cn=linkedin.oauth2.1,cn=Server,ou=System,cn=Ubilogin,dc=localhost
changetype: modify
replace: ubiloginLDAPURLUserMappingTableDN
ubiloginLDAPURLUserMappingTableDN: cn=CustomerID User Mapping,cn=Server,ou=System,cn=Ubilogin,dc=localhost
-
replace: ubiloginDirectoryServiceDN
ubiloginDirectoryServiceDN: cn=CustomerID Directory,cn=Services,ou=System,cn=Ubilogin,dc=localhost
-
Step 2: Import settings to directory
Then use the import tool to read the settings in the linkedin.ldif file:
cd C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\ldap\adam
import.cmd ..\linkedin.ldif
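A pre-import check for linkedin.ldif, as an added example (not part of the Ubisecure tooling): it confirms the file is one well-formed modify record on the linkedin.oauth2.1 method entry and that it replaces only the two attributes named in Step 1. The function name and the embedded sample are constructed, and folded (continuation) LDIF lines are assumed not to occur.

```python
EXPECTED_DN = "cn=linkedin.oauth2.1,cn=Server,ou=System,cn=Ubilogin,dc=localhost"
ALLOWED_ATTRS = {"ubiloginLDAPURLUserMappingTableDN", "ubiloginDirectoryServiceDN"}

# Constructed sample: one modify record carrying both replace operations.
SAMPLE_LDIF = """\
# Modifying linkedin.oauth2.1 method to offer federation
dn: cn=linkedin.oauth2.1,cn=Server,ou=System,cn=Ubilogin,dc=localhost
changetype: modify
replace: ubiloginLDAPURLUserMappingTableDN
ubiloginLDAPURLUserMappingTableDN: cn=CustomerID User Mapping,cn=Server,ou=System,cn=Ubilogin,dc=localhost
-
replace: ubiloginDirectoryServiceDN
ubiloginDirectoryServiceDN: cn=CustomerID Directory,cn=Services,ou=System,cn=Ubilogin,dc=localhost
-
"""


def check_modify_record(text):
    """Return {attribute: new value} for the record, or raise ValueError."""
    lines = [ln for ln in text.splitlines() if ln.strip() and not ln.startswith("#")]
    if lines[:1] != ["dn: " + EXPECTED_DN]:
        raise ValueError("record does not target the expected method entry")
    if lines[1:2] != ["changetype: modify"]:
        raise ValueError("dn must be followed by 'changetype: modify'")
    changes, body = {}, lines[2:]
    if not body or len(body) % 3:
        raise ValueError("each change must be: replace line, value line, '-'")
    for i in range(0, len(body), 3):
        op, value_line, end = body[i:i + 3]
        attr = op[len("replace: "):] if op.startswith("replace: ") else None
        if attr not in ALLOWED_ATTRS:
            raise ValueError(f"unexpected operation or attribute: {op!r}")
        if not value_line.startswith(attr + ": ") or end != "-":
            raise ValueError(f"malformed change for {attr}")
        if attr in changes:
            raise ValueError(f"{attr} replaced twice")
        changes[attr] = value_line[len(attr) + 2:]
    return changes
```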
2. Enable an external authentication method for CustomerID
Step 1: Enable LinkedIn as authentication method in SSO Management Console
Open SSO Management Console with your administrator account.
Go to eIDM Services site.
On Site Methods, add linkedin.oauth2.1.
On Applications, you will see two applications: eidm2 and workflow.
For each of these two applications, go to Allowed Methods and add linkedin.oauth2.1. It's important that you add linkedin.oauth2.1 as an allowed method for both eidm2 and workflow.
Make sure to add the LinkedIn authentication method under 'eIDM Users' --> 'Site Methods':
Step 2: Enable LinkedIn as authentication method in CustomerID
Open eidm2.properties with your text editor.
Find the line that starts with "methods.protected" and add linkedin.oauth2.1 as shown below.
Restart Wildfly.
Open CustomerID self-service login page https://localhost:7443/eidm2/wf/self-service
You will find the "Login with LinkedIn" button under "Sign In Using a Provider".
Part 3: Link your accounts
Step 1: Link your accounts
Log in to self-service. Click the "Login with LinkedIn" button and you will be redirected to the LinkedIn accounts login page.
Log in with a LinkedIn account and you will see the screen below. You are informed that user federation is not enabled (in red letters), so in this step you must log in with your CustomerID account one last time.
After successful login, you're prompted to link your account. Tick the box "Remember this next time" and click "Continue".
You are now logged in and you can see the account linking settings at the bottom of the page under "Federated Accounts".
Now log out from CustomerID. Note: You must log out from LinkedIn too.
Step 2: Verify that you can log in to CustomerID directly with a LinkedIn account
Open the self-service login page again: https://localhost:7443/eidm2/wf/self-service
This time you will be able to log in directly using your LinkedIn credentials.
Step 3: Unlink your account
In the future, any user can unlink their own account from the self-service interface.