Step-by-Step Guide to Integrate LinkedIn Connect with the eXo Platform Sign-In Mechanism

A few weeks ago, we implemented a new way to connect to the eXo Community website, which runs on eXo Platform 4, using third-party authentication systems, namely LinkedIn, Facebook, and Google+. We excluded Twitter, as its system doesn’t enable developers to retrieve an email address, which is the main way to identify a user account.
Step-by-Step Guide to Integrate LinkedIn Connect with the eXo Platform Sign-In Mechanism


It’s a great improvement to our community website, as it enables people to connect in two clicks, without the hassle of filling out a long form to create an account. Returning users also benefit from this new feature: if their email address in LinkedIn is the same as the one they use for eXo Community, they can sign in with just one click.
A few days ago, a community member asked us how to make the LinkedIn sign-in mechanism work for his own project running eXo Platform 4. After we shared the process with him, we thought it would be valuable to share the knowledge with everyone. This article will focus on using LinkedIn authentication to sign in to Platform 4, but the same process should be usable to allow authentication via Facebook or Google+, as well.

I. Objective

1. Users can sign into your eXo Platform 4 website using their LinkedIn accounts.


2. The LinkedIn user profile can be imported into the eXo Platform user profile.

II. Prerequisites

This tutorial involves developing your own components, so it is good if you have knowledge about:
eXo Platform 6 Free Datasheet​​
Download the eXo Platform 6 Datasheet and
discover all the features and benefits

III. Steps

Summary of the steps:

1. Obtain LinkedIn API key and secret key via the LinkedIn developer website.

2. Develop a LinkedIn OAuth component (.jar) in your own java project.

3. Deploy your component into eXo Platform

4. Develop a login module (.jar) in your java project.

5. Deploy and configure JAAS Realm to enable your login module.

1. Obtain LinkedIn API key and secret code.

– Sign in at

– Click “API Keys”, in the drop-down menu under your name.

– Click “Add New Application” to launch the LinkedIn Application Wizard.

– Complete the wizard. Notice that in the Default Scope section, “r_emailaddress” should be checked.

– Once the wizard is complete and the information is saved, you can retrieve your API key and secret key. Note that the keys can be regenerated later, if needed.

2. Develop a LinkedIn OAuth component (.jar).

– Start your Maven project.

– Edit your pom.xml to add scribe dependency:

The scrib library can be used this way:
					import org.scribe.builder.ServiceBuilder;
import org.scribe.builder.api.LinkedInApi;
import org.scribe.model.OAuthRequest;
import org.scribe.model.Response;
import org.scribe.model.Token;
import org.scribe.model.Verb;
import org.scribe.model.Verifier;
import org.scribe.oauth.OAuthService;
– Write a java class that carries out the interconnection between eXo Platform and LinkedIn using Scribe API.

The interconnection is explained here:


If you need to read more about Scribe API:


– Write another class (called “filter” in this tutorial) that:

  • Redirects users to the LinkedIn login page using the login url
  • Redirects users to the login page on our website once the needed information has been retrieved

Sample code for the filter

					public class OAuthLinkedinFilter implements org.exoplatform.web.filter.Filter{

	public void doFilter(ServletRequest request, ServletResponse response,FilterChain chain) throws IOException, ServletException {
	HttpServletRequest req = (HttpServletRequest)request;
    HttpServletResponse res = (HttpServletResponse)response;
    HttpSession session = req.getSession(true);
    LinkedinAuthHelper helper = new LinkedinAuthHelper();
    String code = request.getParameter("code");
    String stateRes = request.getParameter("state");
    String stateReq = (String)session.getAttribute("state");
    if(code == null ||  stateReq == null || stateRes == null || "".equals(code) || "".equals(stateReq) || "".equals(stateRes) || !stateRes.equals(stateReq)){
			session.setAttribute("state", helper.getStateToken());
			String loginUrl = helper.getLoginUrl();
		}else if(code != null  && stateRes != null && stateReq != null && stateRes.equals(stateReq)){
      String username = helper.getUsernameFromTokenCode(code);
      if(username != null){
          SecureRandom random = new SecureRandom();
          String password = new BigInteger(130, random).toString(32);
Note: This sample saves the username and password in a browser session.

3. Deploy your LinkedIn Auth component.

– After building your project, install jar to tomcat/lib.


– Declare the filter via an eXo Platform Extension. The filter will be declared in WEB-INF/conf/portal/configuration.xml, as in the following sample. (Note that the class name is and the url is /linkedinAuth.)

					<?xml version="1.0" encoding="ISO-8859-1"?>
<configuration xmlns:xsi=""
      <name>Sample Filter Definition Plugin</name>
          <name>Sample Filter Definition</name>
          <object type="org.exoplatform.web.filter.FilterDefinition">
            <field name="filter">
              <object type=""/>
            <field name="patterns">
              <collection type="java.util.ArrayList" item-type="java.lang.String">
Benefits of Open Source Software
for the Enterprise
Open source en entreprise
The term open source refers to any solution that has its source code widely accessible to the public for modification and sharing.
Benefits of Open Source Software
for the Enterprise
The term open source refers to any solution that has its source code widely accessible to the public for modification and sharing.

4. Develop your login module.

– Write a login module that extends AbstractLoginModule.


See the code sample below:

public class ORGLoginModule extends AbstractLoginModule {

	public boolean login() throws LoginException {  
    try {  
			HttpServletRequest request = getCurrentHttpServletRequest();    
			ExoContainer container = getContainer();  
			HttpSession session = request.getSession(true);  
			String username = null;  
			String password = null;   
			if(session != null) {    
				if(session.getAttribute("oauth_username") != null) {  
					 username = (String) session.getAttribute("oauth_username");  
				if(session.getAttribute("oauth_password") != null) {  
					 password = (String) session.getAttribute("oauth_password");  
			if(username != null){  
				establishSecurityContext(container, username);   
				if (log.isTraceEnabled()) {   
					log.trace("Successfully established security context for user " + username);  
				return true;  
			return false;  
    }catch (Exception e) {   
		if (log.isTraceEnabled()) {   
			log.trace("Exception in login module", e);  
    return false;  

	protected void establishSecurityContext(ExoContainer container, String username) throws Exception {
		Authenticator authenticator = (Authenticator) container.getComponentInstanceOfType(Authenticator.class);
  	if (authenticator == null) {
			throw new LoginException("No Authenticator component found, check your configuration");
    Identity identity = authenticator.createIdentity(username);
    sharedState.put("", identity);
    sharedState.put("", username);
    UsernameCredential usernameCredential = new UsernameCredential(username);

5. Deploy and configure JAAS to enable your login module.

– After building your login module jar, install it to tomcat/lib


– Configure to enable the module in tomcat/conf/jaas.conf. Your login module should be placed before other modules. In the following example, it is ORGLoginModule:

					gatein-domain { required;
	org.gatein.sso.integration.SSODelegateLoginModule required
	password-stacking=useFirstPass; required

6. Test it.

– To check if the filter works, go to {your website}/portal/linkedInAuth


If the module is working, it will redirect you to a LinkedIn login page like this one:

Once you are identified on LinkedIn and allow access, you will be redirected back to the website with the user data provided by LinkedIn. These data are formatted under json format in the following manner:


{“id”:”QuUeufSui4″,”lastName”:”Vu”,”emailAddress”:””,”firstName”:”Tuan Anh”}


Now, you can do whatever you want with these data.


See the mechanism in action by signing in into the community, and learn more about our add-ons and what you can do with eXo Platform 4.


Join the eXo Community if you have any questions or if you want more details on how we did it for Google+ and Facebook logins.

Get in Touch with our Experts
Learn How we Can Help Your Teams Collaborate and Get Things done
Get in Touch with our Experts
Learn How we Can Help Your Teams Collaborate and Get Things done
5/5 - (1 vote)
Related posts
  • All
  • eXo
  • Digital workplace
  • Open source
  • Internal communication
  • Collaboration
  • News
  • intranet
  • Future of work
  • workplace
  • Knowledge management
  • Employee engagement
  • Employee experience
  • Employee productivity
  • onboarding
  • Employee recognition
  • Change management
  • Cartoon
  • Digital transformation
  • Infographic
  • Remote work
  • Tips & Tricks
  • Tutorial
  • Uncategorized
Leave a Reply

( Your e-mail address will not be published)

Commentaires en ligne
Afficher tous les commentaires