HomeManagement Center

LinkedIn sign-in

Add LinkedIn sign-in as an authentication method to Integrity Web

Let your consumers use their existing LinkedIn account to sign in to any service protected by Integrity Web.

Guide prerequisite:

  • Integrity Web installed

  • DNS-name and certificates in place for the Integrity Web https-host

  • LinkedIn corporate account (for production purposes, for test you may use your private LinkedIn account)

Add authentication method

Add this configuration to the Authn module in the configuration:

Change the DNS host name of the redirect_uri to match your environment. Copy the value of the redirect_uri as this will be used in a later step.

LinkedIn configuration

  1. Sign in to https://www.linkedin.com/developers/apps

  2. Click Create App

  3. Enter an app name, such as Integrity

  4. Enter the url to the organization LinkedIn page

  5. Upload a logo to be associated with the app

  6. Create app

  7. Click on the app

  8. Select the Auth tab

  9. Copy the client id and the client secret values. These will be used in a later step.

  10. Click on the pen, next to Authorized redirect URLs for your app

  11. Enter the redirect_uri copied from previous step.

  12. Click update

Prepare LinkedIn Discovery

The LinkedIn OpenID Connect Discovery metadata does not include a mandatory parameter, token_endpoint_auth_methods_support. To make LinkedIn work with Integrity web, the LinkedIn OpenID Connect Discovery metadata must be downloaded, altered and then published on a URL, reachable from the Integrity Web server.

  1. Download Linked Discovery from https://www.linkedin.com/oauth/.well-known/openid-configuration. Name the file linkedin-openid-configuration

  2. Open linked-openid-configuration in a text editor

  3. Add the token_endpoint_auth_methods_support parameter to the json structure:

  1. Save the file

  2. Place the file on a web server. In this configuration example, the proxy server (Apache) has been used.

  1. Adjust the Integrity Web configuration. Locate the autenticator and adjust the parameter discovery_metadata_url to match your environment. "discovery_metadata_url": "https://my.own.host/.well-known/linkedin-openid-configuration",

Add client credentials

  1. Open the Integrity Web configuration

  2. Locate the LinkedIn Authentication method added in previous step

  3. Replace the client_id and client_secret values with the values copied in previous step.

Example:

Test

Alter the configuration to point to the new Facebook authenticator, either directly or as a selector option.

Browse to the service protected by Integrity Web.

Select Facebook as authentication method.

Your browser should now be redirected to the Facebook sign-in site.

Enter your Facebook credentials and approve the authentication.

You should now be redirected back to Integrity and then to the service with a valid authentication.

Use server.log for error tracing and debugging. Fix accordingly and test again.

Sample configuration

A sample Integrity Web configuration, including a number of different social provider sign-in options, can be downloaded here.

PreviousFacebook sign-inNextVMware Horizon login with SAML or OIDC using Integrity WEB as third-party IdP

Last updated