SungHoon_Kim

Step by Step: Facebook partnership 2

Blog Post created by SungHoon_Kim Employee on Nov 3, 2016

This is a continuation of Step by Step: Facebook partnership.

 

When you request multiple claims from Facebook, how do you choose which claim to use as the "User ID"?

 

Among the claims (id, name, first_name, last_name, email), my previous configuration took the "email" claim and used it as the "User ID" to find the user.

Now I have changed it to use "Id", which is the Facebook account ID. The account ID is the better key: it does not change, whereas a user can change the e-mail address on their Facebook account at any time. Note that since Graph API v2.0 the id Facebook returns is app-scoped, so the value you store is only valid for the Facebook app whose App ID is configured in the partnership.

The "User ID Attribute Name" field is where you specify the desired claim name.

 

Also, the Facebook partnership relies on the user lookup configured in your user store definition.

So I had to create a new user store (which actually points to the same AD) with a different user lookup query.

 

I stored the Facebook ID value in the user attribute "physicaldeliveryofficename".

The Facebook ID is a numeric string (for example 10207628931017034).

Whatever attribute you repurpose for this, make sure it is unique across the directory and that end users cannot write to it, because it is now the only link between the Facebook identity and the AD account.

The user store has the following user lookup; the "User ID" value taken from the claim is inserted between the lookup start and lookup end strings.

Lookup start: (physicaldeliveryofficename=

Lookup end: )

 

With "User ID Attribute Name" set to "Id" and the user store lookup searching for the matching value, the user is resolved unambiguously. The trace log shows the id claim being extracted from the userinfo response and passed to authentication:

 

[Message: {"id":"10207628931017034","name":"Sung Hoon Kim","first_name":"Sung Hoon","last_name":"Kim","email":"sunghoon.kim.my\u0040gmail.com"}]]
[11/02/2016][21:54:41][2428][5016][ff43b745-9626c6db-1f4f47f0-2fee54f9-90f289d5-60a][OAuthUtils.java][parseResponse][Returned message is in JSON format.]
[11/02/2016][21:54:41][2428][5016][ff43b745-9626c6db-1f4f47f0-2fee54f9-90f289d5-60a][OAuth20TokenConsumerHandler][sendUserInformationRequest][EXIT]
[11/02/2016][21:54:41][2428][5016][ff43b745-9626c6db-1f4f47f0-2fee54f9-90f289d5-60a][OAuth20TokenConsumerHandler][executeOAuthFlow][Successful user information request.]
[11/02/2016][21:54:41][2428][5016][ff43b745-9626c6db-1f4f47f0-2fee54f9-90f289d5-60a][OAuth20TokenConsumerHandler][executeOAuthFlow][EXIT]
[11/02/2016][21:54:41][2428][5016][ff43b745-9626c6db-1f4f47f0-2fee54f9-90f289d5-60a][TokenConsumer.java][processOAuthLogin][Authenticating the user.]
[11/02/2016][21:54:41][2428][5016][ff43b745-9626c6db-1f4f47f0-2fee54f9-90f289d5-60a][TokenConsumer.java][retrieveUserID][OAuth Authorization and Single Sign-on Retrieving user id attribute from claims.]
[11/02/2016][21:54:41][2428][5016][ff43b745-9626c6db-1f4f47f0-2fee54f9-90f289d5-60a][TokenConsumer.java][retrieveUserID][OAuth Authorization and Single Sign-on Authenticating the user with attribute 10207628931017034]
[11/02/2016][21:54:41][2428][5016][ff43b745-9626c6db-1f4f47f0-2fee54f9-90f289d5-60a][TokenConsumer.java][authenticateUser][OAuth Authorization and Single Sign-on Calling authenticate for user: 10207628931017034
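The following is an added example, not code from the original post or from the CA product: it models the two steps the trace above shows, picking the claim named by "User ID Attribute Name" out of the Facebook userinfo JSON and then placing it between the user store's lookup start and lookup end strings. The userinfo message is the one logged above; the lookup strings are the ones from this post. Two things are assumptions of the example rather than documented product behaviour: claim names are compared case-insensitively (the post configures "Id" while Facebook returns "id"), and the value is escaped per RFC 4515 and, for the id claim, checked to be numeric before it reaches LDAP.

```python
"""Added example: select the Facebook claim configured as "User ID" and
build the user store lookup filter from it.

This is illustration code, not the CA SSO implementation. Assumptions:
case-insensitive claim name matching, RFC 4515 escaping of the value, and
a numeric-only check on the Facebook id.
"""
import json
import re

# Userinfo response as logged in the trace above (copied, not constructed).
USERINFO_JSON = ('{"id":"10207628931017034","name":"Sung Hoon Kim",'
                 '"first_name":"Sung Hoon","last_name":"Kim",'
                 '"email":"sunghoon.kim.my\\u0040gmail.com"}')

# User store lookup from the post: the claim value goes between these two.
LOOKUP_START = "(physicaldeliveryofficename="
LOOKUP_END = ")"

# RFC 4515 escaping for LDAP filter assertion values. Without it a claim
# such as "name" or "email" that contains ( ) * or \ would change the
# structure of the filter instead of being matched literally.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an LDAP filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def select_user_id(userinfo: dict, attr_name: str) -> str:
    """Return the claim named by "User ID Attribute Name".

    Claim names are compared case-insensitively (assumption, see lead-in);
    an absent or empty claim is an error rather than an empty lookup.
    """
    for key, value in userinfo.items():
        if key.lower() == attr_name.lower():
            if not isinstance(value, str) or not value:
                raise ValueError(f"claim {attr_name!r} is empty")
            return value
    raise KeyError(f"claim {attr_name!r} not present in userinfo")


def build_lookup(user_id: str) -> str:
    """Place the (escaped) user ID between lookup start and lookup end."""
    return LOOKUP_START + escape_filter_value(user_id) + LOOKUP_END


def facebook_id_lookup(userinfo_json: str, attr_name: str = "Id") -> str:
    """Parse the userinfo JSON and return the LDAP filter the user store
    would run for the configured User ID attribute."""
    userinfo = json.loads(userinfo_json)
    user_id = select_user_id(userinfo, attr_name)
    if attr_name.lower() == "id" and not re.fullmatch(r"[0-9]+", user_id):
        # Facebook ids are numeric strings; anything else is rejected
        # before it reaches the directory (assumption of this example).
        raise ValueError(f"unexpected Facebook id {user_id!r}")
    return build_lookup(user_id)


if __name__ == "__main__":
    # Lookup by the id claim, as configured in this post.
    print(facebook_id_lookup(USERINFO_JSON, "Id"))
    # Lookup by the email claim, as in the previous configuration.
    print(facebook_id_lookup(USERINFO_JSON, "email"))
```

Run it as-is to see the filter for the id claim next to the one the previous email-based configuration would have produced; the escaping only matters for claims that can carry punctuation, which is another reason to key on the numeric id.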

 

If the target application is protected by a Web Agent, you can expose the claims as HTTP headers (the data is stored in the SMSAMLDATA cookie) without any additional configuration in your application.

 

You just need to enable "SAMLDataPlugin.dll" by uncommenting the "LoadPlugin" line in WebAgent.conf.

It is commented out by default, so this step is required.

 

After uncommenting the SAMLDataPlugin line and selecting the "HTTP Headers" redirect mode in the partnership, the claims appear as request headers. The application should trust these headers only when every path to it goes through the agent; a request that reaches the application directly could carry the same header names.

 

 

 

But what if your target application does not have a Web Agent configured?

If you would like to show the Facebook claims in your application, you can use the Open Format cookie to pass the information.

 

As mentioned in the previous article, you need to install the Federation SDK to read the Open Format cookie.

In this sample I am using IIS, so I installed the .NET version of the SDK.

 

 

You must follow the instructions in the README.txt file.

I am using the "facebook" directory as the target application, where I was serving "index.asp".

After copying the files (*.aspx, *.aspx.cs, web.config and the bin folder) I converted the "facebook" virtual directory to an "Application"; the icon for the facebook directory changes in IIS Manager once this is done.

 

Then I modified the web.config file as below.

web.config

<?xml version="1.0" encoding="UTF-8"?>
<!--
Note: As an alternative to hand editing this file you can use the
web admin tool to configure settings for your application. Use
the Website->Asp.Net Configuration option in Visual Studio.
A full list of settings and comments can be found in
machine.config.comments usually located in
\Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration>
<configSections>
<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" />
<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere" />
<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" />
<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" />
<section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" />
</sectionGroup>
</sectionGroup>
</sectionGroup>
</configSections>

<connectionStrings />
<appSettings>
<add key="Password" value="password" />
<add key="Zone" value="SM" />
<add key="Name" value="DEFAULT" />
</appSettings>
<system.web>
<!--
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this
affects performance, set this value to true only
during development.

Visual Basic options:
Set strict="true" to disallow all data type conversions
where data loss can occur.
Set explicit="true" to force declaration of all variables.
-->
<compilation debug="true" strict="false" explicit="true">
<assemblies>
<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</assemblies>
</compilation>
<pages>
<namespaces>
<clear />
<add namespace="System" />
<add namespace="System.Collections" />
<add namespace="System.Collections.Generic" />
<add namespace="System.Collections.Specialized" />
<add namespace="System.Configuration" />
<add namespace="System.Text" />
<add namespace="System.Text.RegularExpressions" />
<add namespace="System.Linq" />
<add namespace="System.Xml.Linq" />
<add namespace="System.Web" />
<add namespace="System.Web.Caching" />
<add namespace="System.Web.SessionState" />
<add namespace="System.Web.Security" />
<add namespace="System.Web.Profile" />
<add namespace="System.Web.UI" />
<add namespace="System.Web.UI.WebControls" />
<add namespace="System.Web.UI.WebControls.WebParts" />
<add namespace="System.Web.UI.HtmlControls" />
</namespaces>
<controls>
<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</controls>
</pages>
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<!-- <authentication mode="Windows" /> -->
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.

<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>
-->
<httpHandlers>
<remove verb="*" path="*.asmx" />
<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false" />
</httpHandlers>
<httpModules>
<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</httpModules>
</system.web>
<system.codedom>
<compilers>
<compiler language="c#;cs;csharp" extension=".cs" warningLevel="4" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<providerOption name="CompilerVersion" value="v3.5" />
<providerOption name="WarnAsError" value="false" />
</compiler>
<compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" warningLevel="4" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<providerOption name="CompilerVersion" value="v3.5" />
<providerOption name="OptionInfer" value="true" />
<providerOption name="WarnAsError" value="false" />
</compiler>
</compilers>
</system.codedom>
<!--
The system.webServer section is required for running ASP.NET AJAX under Internet
Information Services 7.0. It is not necessary for previous version of IIS.
-->
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules>
<remove name="ScriptModule" />
<add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</modules>
<handlers>
<remove name="WebServiceHandlerFactory-Integrated" />
<remove name="ScriptHandlerFactory" />
<remove name="ScriptHandlerFactoryAppServices" />
<remove name="ScriptResource" />
<add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</handlers>
</system.webServer>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
</configuration>

 

The main changes I made were the "Password", "Zone" and "Name" keys under appSettings and commenting out the authentication section. Two things to keep in mind before this leaves a lab: the cookie password sits in web.config in cleartext, so restrict access to the file (or encrypt the appSettings section with aspnet_regiis -pe), and set compilation debug="false", as the file's own comment advises.

 

Then I updated the partnership's Open Format cookie settings to match the values in the web.config file.

 

 

Now, when I federate, I get the following details.

Outcomes