Original Message:
Sent: Mon March 27, 2023 03:31 PM
From: RN
Subject: WebSphere & FileNet OIDC configuration
Hi Barbara,
I'm using the WebSphere Application Server 9.0.5.13.
mapIdentityToRegistryUser --> false
The user does not exist in LDAP.
------------------------------
RN
Original Message:
Sent: Mon March 27, 2023 12:21 PM
From: Barbara Jensen
Subject: WebSphere & FileNet OIDC configuration
Hi RN,
Are you using WebSphere Application Server or Liberty? Also, which version? If you're using Liberty, are you using openidConnectClient or socialLogin features?
With each runtime, there is a property to map users to the registry. WebSphere: provider_(id).mapIdentityToRegistryUser, Liberty (openidConnectClient): mapIdentityToRegistryUser. In both, the default is false. I'm not sure if you have a choice with social. Do you have that property set to true? Do your Google users exist in your LDAP registry? If so, is there a specific claim in the id_token that matches up to the principal name?
------------------------------
Barbara Jensen
Original Message:
Sent: Sat March 25, 2023 02:03 PM
From: RN
Subject: WebSphere & FileNet OIDC configuration
Hi All,
After IBM Content Navigator was configured and deployed with OIDC, on the login page as shown below, if we click on "Authenticate with Google sign in", it's not redirecting; it's refreshing and staying on the same page. Any thoughts on this, please? If I change the relay properties to auto redirection, then it's able to log in with IDP users, but LDAP users can't log in, as it's auto-redirecting to the IDP login page. I want to log in from both entities; any thoughts?

------------------------------
Nreddy Nreddy
------------------------------