Forgerock CIAM | Integrating External Identity provider

Brad Tarisznyas posted 03-07-2022 04:49

Hi Mano,

You should be able to use the AM Social Authentication for this if the IDP supports OAuth 2.0 or OIDC (ForgeRock Access Management 7.1.2 > Authentication and Single Sign-On Guide > Social Authentication). If you have further requirements to route the user, you could embed that logic into your authentication tree - so maybe prompt the user for an email address, then use a scripted decision node to route to the appropriate social provider based on those you have configured.

In your scripted decision node, you could have something like:

// Address collected by an earlier node in the tree (e.g. a username collector).
var username = sharedState.get("username");
// Domain is everything after the last "@"; if there is no "@", lastIndexOf
// returns -1 and the whole value is used, which falls through to the else branch.
var domain = username ? username.substring(username.lastIndexOf("@") + 1) : "";
if (domain == "example.com") {
  // Route to the Google social provider configured in the tree.
  nodeState.putShared("selectedIdp", "Google");
  outcome = "Google";
} else {
  // Anything else goes to the Facebook provider.
  nodeState.putShared("selectedIdp", "Facebook");
  outcome = "Facebook";
}

Hope that helps.
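A generalised form of the routing described in the reply above, added here as an example and not part of the original post or of ForgeRock's own code: a domain-to-provider lookup table with a fallback outcome, written so the decision logic can be tested outside AM. The map contents, the outcome names and the "Local" fallback are assumptions; use the social provider names configured in your own tree.

```javascript
// Added example (not from the original reply): routing logic for a
// ForgeRock AM scripted decision node, generalised to a lookup table.
// The domain->provider map and the outcome names are assumptions for
// illustration; use the social provider names configured in your tree.

// Constructed sample mapping: email domain -> outcome (= social provider).
var IDP_BY_DOMAIN = {
  "example.com": "Google",
  "example.org": "Facebook"
};

// Outcome used when no provider matches, so the tree can fall back to a
// local-credentials branch instead of silently defaulting to one IdP.
var DEFAULT_OUTCOME = "Local";

// Extract the domain from an address typed by the user. The input is
// untrusted: it only chooses which provider to send the user to; the
// provider itself still authenticates the user.
function extractDomain(username) {
  if (typeof username !== "string") {
    return null;
  }
  var at = username.lastIndexOf("@");
  if (at < 1 || at === username.length - 1) {
    return null; // no "@", empty local part, or empty domain
  }
  return username.substring(at + 1).trim().toLowerCase();
}

// Pick the outcome for an address, falling back to DEFAULT_OUTCOME.
// hasOwnProperty keeps inherited names such as "constructor" from matching.
function selectIdp(username, idpByDomain, defaultOutcome) {
  var domain = extractDomain(username);
  if (domain !== null && Object.prototype.hasOwnProperty.call(idpByDomain, domain)) {
    return idpByDomain[domain];
  }
  return defaultOutcome;
}

// Glue for the scripted decision node: sharedState, nodeState and
// outcome are bindings provided by AM, so this part only runs inside the node.
if (typeof sharedState !== "undefined" && typeof nodeState !== "undefined") {
  var chosen = selectIdp(String(sharedState.get("username")), IDP_BY_DOMAIN, DEFAULT_OUTCOME);
  nodeState.putShared("selectedIdp", chosen);
  outcome = chosen;
}
```

Each outcome name returned by selectIdp must exist as an outcome on the scripted decision node so the tree can connect it to the matching social provider (or local login) branch.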