The following guide is about the Client configuration steps for GAM Remote Authentication Type.
By using the GAM Web Backoffice, add the Authentication Type through the Authentication Types menu item.
Then add the information as explained below:
Picture #1. Defining GAM Remote Authentication Type. Web panel GAMExampleEntryAuthenticationType.
- Client ID. Client ID of the Application. The same as the one specified in the Identity Provider.
- Client Secret. Client Secret of the Application - the same as the one specified in the Identity Provider.
- Local Site URL. URL of the client application - the same as the one specified in the Call Back URL in the server.
- Additional Scope. The only valid additional scope is "gam_user_additional_data". By using this additional scope, we send the extended attributes of the GAM Users to the GAM client.
If no additional scope is added, the following basic information is transferred from the server to the client: Guid, Username, EMail, First_Name, Last_name, External_id, Birthday, Gender, Url_image, Url_profile, Phone, Address, City, State, Post_code, Language, Timezone. To send additional data, we must check the option "Get user additional data" in the server application.
- Remote Server URL. URL of the server application (e.g: http://server/TestGAMSSOServer.NetEnvironment). The format is: Http://<Server>:<Port>/<BaseURL>. For Java, do not include "/servlet".
- Private Encryption Key. By using this private encryption key, we encrypt the communication between client applications and the server application. It must be configured with the same value as the one specified for the GAM application defined in the Identity Provider (the server). If they are different, an error "javax.servlet.ServletException: java.lang.InternalError: invalid key" is thrown.
Identity Provider Configuration for GAM Remote Authentication