Setting Up Yahoo as an IDM Social Identity Provider

Setting Up Yahoo

To set up Yahoo as a social identity provider, navigate to the following page: Yahoo OAuth 2.0 Guide . You'll need a Yahoo account. You can then navigate to the Create an App page, where you can follow the Yahoo process to create a new web application with the following information:

When complete and saved, you should see a Client ID and Client Secret for your new web app.

Configuring Yahoo as a Social Identity Provider

When you enable a Yahoo social identity provider in the Admin UI, IDM generates the identityProvider-yahoo.json file in your project's conf/ subdirectory.

When you review that file, you should see information beyond what you see in the Admin UI. The first part of the file includes the name of the provider, the scope, and UI settings related to the social identity provider icon (badge) and the sign-in button. For more information on the icon and button, see "Social Identity Provider Button and Badge Properties".

{
    "provider" : "yahoo",
    "scope" : [
        "openid",
        "sdpp-w"
    ],
    "uiConfig" : {
        "iconBackground" : "#7B0099",
        "iconClass" : "fa-yahoo",
        "iconFontColor" : "white",
        "buttonClass" : "fa-yahoo",
        "buttonDisplayName" : "Yahoo",
        "buttonCustomStyle" : "background-color: #7B0099; border-color: #7B0099; color:white;",
        "buttonCustomStyleHover" : "background-color: #7B0099; border-color: #7B0099; color:white;"
    },

Another part of the file includes a propertyMap, which maps user information entries between the source (social identity provider) and the target (IDM).

The next part of the file includes schema information, which includes properties for each social identity account, as collected by IDM, as well as the order in which it appears in the Admin UI. When you've registered a user with a Yahoo social identity, you can verify this by selecting Manage > Yahoo, and then selecting a user.

Next, there's the part of the file that you may have configured through the Admin UI, plus additional information on the redirectUri, the configClass, and the authenticationIdKey:

    "authorizationEndpoint" : "https://api.login.yahoo.com/oauth2/request_auth",
    "tokenEndpoint" : "https://api.login.yahoo.com/oauth2/get_token",
    "wellKnownEndpoint" : "https://login.yahoo.com/.well-known/openid-configuration",
    "clientId" : "<Client_ID_Name>",
    "clientSecret" : {
      "$crypto" : {
        "type" : "x-simple-encryption",
        "value" : {
          "cipher" : "AES/CBC/PKCS5Padding",
          "stableId" : "openidm-sym-default",
          "salt" : "<hashValue>",
          "data" : "<encryptedValue>",
          "keySize" : 16,
          "purpose" : "idm.config.encryption",
          "iv" : "<encryptedValue>",
          "mac" : "<hashValue>"
        }
      }
    },
    "authenticationIdKey" : "sub",
    "redirectUri" : "https://openidm.example.com/",
    "basicAuth" : false,
    "configClass" : "org.forgerock.oauth.clients.oidc.OpenIDConnectClientConfiguration",
    "enabled" : true
  }

If you need more information about the properties in this file, refer to the following appendix: "Yahoo Social Identity Provider Configuration Details".

Configuring User Registration to Link to Yahoo

Once you've configured the Yahoo social identity provider, you can activate it through User Registration. To do so in the Admin UI, select Configure > User Registration, and activate that feature. Under the Social tab that appears, enable Social Registration. For more information on IDM user self-service features, see "Self-Service End User UI".

When you enable Social Registration, you're allowing users to register on IDM through all active social identity providers.