LinkedIn Login Setup

Configure LinkedIn login via OAuth2

1. Log in to the LinkedIn Developer Portal

Log in to https://www.linkedin.com/developers/apps/new with a LinkedIn account.

2. Create an app.

If this is the very first app you create with this LinkedIn account, you will see the page below.

Fill in at least the required fields (marked with asterisks).

Choose a name for your app:

Select the LinkedIn Page of your company (if not already created, select 'Create a new LinkedIn Page'):

Upload a logo for your app (it's mandatory), check the box to accept the rules and then click on "Create app":

Click on "Verify" so that an administrator of your LinkedIn Page (this may be you) can approve the use of the Page for your app:

Click on "Generate URL" to generate the verification URL:

Copy the URL and send it to an administrator of your LinkedIn Page. Click on "I'm done":

If you are the administrator of your Page, simply open the URL in a new tab (if not, an administrator will have to do the next step). Click on "Verify".

Refresh the app creation tab: the app should now be associated with your Page.

Now go to the "Auth" tab and copy and save the Client ID and Client Secret, which will be used later during SSO configuration.

Go to the "Products" tab and select the product "Sign In with LinkedIn". Accept the terms and click on "Add product":

Refresh the page a few moments later, the product "Sign In with LinkedIn" should appear in the "Added Products" section:

3. Create a new access token

Go to the "Docs and Tools" tab and select "OAuth Token Tools". Then click on "Create Token".

Select the app; 'Member authorization code (3 legged)' is then selected automatically. Select the scopes and, after accepting the terms, click on 'Request access token'.

4. SSO Management console configurations

From Home, select the tab "Global Method Settings" and then click "New Method" at the bottom of the page. Choose OAuth 2.0 as method type. The method class will auto-fill and you don't have to edit it.
Choose a method name, for instance linkedin.oauth2.1.

Press "OK" and the method will be created. Select the "OAuth 2.0" tab and fill in the fields with the details of your LinkedIn app.

The Client ID and Client Secret were generated in step 2, 'Create an app', above.

OAuth2.0 endpoints for LinkedIn:

Authorization Endpoint URL: https://www.linkedin.com/uas/oauth2/authorization
Scope: r_liteprofile r_emailaddress
Token Endpoint URL: https://www.linkedin.com/uas/oauth2/accessToken
UserInfo Endpoint URL: https://api.linkedin.com/v2/me

Once all the fields are filled in, press "Update". The Client Secret will be hidden from view once set.
Go back to the "Main" tab, tick the "Enabled" box, and press "Update".
Copy the redirect URI from the Redirect URI field in the OAuth 2.0 tab and paste it into the list of authorized redirect URIs for your app in the LinkedIn App console (first, go to "SampleCompanyABC" and select the 'Auth' tab --> OAuth 2.0 settings):

Click on Update.
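
What the endpoint, scope and redirect URI settings above amount to on the wire, as an added example that is not part of the original guide or of the SSO product's code: it builds the 3-legged authorization request and validates the redirect that comes back. CLIENT_ID and REDIRECT_URI are constructed placeholders, and the function names are hypothetical.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Values taken from this guide.
AUTHORIZATION_ENDPOINT = "https://www.linkedin.com/uas/oauth2/authorization"
SCOPE = "r_liteprofile r_emailaddress"

# Constructed placeholders (assumptions): use the Client ID from the "Auth" tab
# and the redirect URI copied from the OAuth 2.0 tab of the method.
CLIENT_ID = "EXAMPLE_CLIENT_ID"
REDIRECT_URI = "https://sso.example.com/redirect-uri-from-console"


def build_authorization_request(client_id, redirect_uri, scope=SCOPE):
    """Return (url, state) for the authorization code request."""
    state = secrets.token_urlsafe(32)  # unguessable value tied to this login attempt
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
    })
    return f"{AUTHORIZATION_ENDPOINT}?{query}", state


def parse_callback(callback_url, expected_state, registered_redirect_uri):
    """Validate the redirect back from LinkedIn and return the authorization code."""
    parts = urlsplit(callback_url)
    # The response must land exactly on the URI registered in the LinkedIn app.
    landed = f"{parts.scheme}://{parts.netloc}{parts.path}"
    if landed != registered_redirect_uri:
        raise ValueError("callback does not match the registered redirect URI")
    params = parse_qs(parts.query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    # Constant-time comparison of the returned state with the one we issued.
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response was not started by this session")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]
```

The returned code is what gets exchanged, together with the Client Secret, at the Token Endpoint URL configured above.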

User Driven Federation with LinkedIn

1. Create LDIF and import to directory

Step 1: Create linkedin.ldif

# Modifying linkedin.oauth2.1 method to offer federation
# (both replace operations belong to the same modify record)
dn: cn=linkedin.oauth2.1,cn=Server,ou=System,cn=Ubilogin,dc=localhost
changetype: modify
replace: ubiloginLDAPURLUserMappingTableDN
ubiloginLDAPURLUserMappingTableDN: cn=CustomerID User Mapping,cn=Server,ou=System,cn=Ubilogin,dc=localhost
-
replace: ubiloginDirectoryServiceDN
ubiloginDirectoryServiceDN: cn=CustomerID Directory,cn=Services,ou=System,cn=Ubilogin,dc=localhost
-

Step 2: Import settings to directory

Then use the import tool to read the settings in the linkedin.ldif file:

cd "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\ldap\adam"
import.cmd ..\linkedin.ldif

2. Enable an external authentication method for CustomerID

Step 1: Enable LinkedIn as authentication method in SSO Management Console
  1. Open SSO Management Console with your administrator account.

  2. Go to eIDM Services site.

  3. On Site Methods, add linkedin.oauth2.1.

  4. On Applications, you will see two applications: eidm2 and workflow.

  5. For each of these two applications, go to Allowed Methods and add linkedin.oauth2.1. It's important that you add linkedin.oauth2.1 as an allowed method for both eidm2 and workflow.

Make sure to also add the LinkedIn authentication method under 'eIDM Users' --> 'Site Methods':

Step 2: Enable LinkedIn as authentication method in CustomerID
  1. Open eidm2.properties with your text editor.

  2. Find the line that starts with "methods.protected" and add linkedin.oauth2.1 as shown below.

  3. Restart Wildfly.

  4. Open the CustomerID self-service login page: https://localhost:7443/eidm2/wf/self-service

  5. You will find the "Login with LinkedIn" button under "Sign In Using a Provider".

Log in to self-service. Click the "Login with LinkedIn" button and you will be redirected to the LinkedIn login page.

Log in with a LinkedIn account and you will see the screen below. You are informed that user federation is not enabled (in red letters), so in this step you must log in with your CustomerID account one last time.

After successful login, you're prompted to link your account. Tick the box "Remember this next time" and click "Continue".

You are now logged in and you can see the account linking settings at the bottom of the page under "Federated Accounts".

Now log out from CustomerID. Note: You must log out from LinkedIn too.

Step 3: Verify that you can log in to CustomerID directly with a LinkedIn account
  1. Open the self-service login page again: https://localhost:7443/eidm2/wf/self-service

  2. This time you will be able to log in directly using your LinkedIn credentials.

In the future, any user can unlink their own account from the self-service interface.