Orchestration SDKs

Configuring the Journey module on iOS

PingOne Advanced Identity Cloud PingAM iOS


You must configure the Journey module to connect to your Advanced Identity Cloud or PingAM server.

To configure the module, instantiate the Journey class and call the createJourney() method, providing the configuration options as follows:

Configuring the Journey module
let journey = Journey.createJourney { config in
    config.serverUrl = "https://openam-forgerock-sdks.forgeblocks.com/am" // Specify the server URL
    config.realm = "alpha" // Specify the realm for authentication
    config.cookie = "ch15fefc5407912" // Specify the cookie name for session management
    config.logger = LogManager.standard // Optional. Logger the module uses to output messages
}

Update the following properties with values that match your environment:

serverUrl

The URL of the Access Management service on your server.

Advanced Identity Cloud example:

https://openam-forgerock-sdks.forgeblocks.com/am

PingAM example:

https://openam.example.com:8443/openam

realm

The realm containing your users and configuration.

Usually, root for PingAM and alpha or bravo for Advanced Identity Cloud.

cookie

The name of the cookie your PingOne Advanced Identity Cloud tenant uses to store SSO tokens in client browsers.

  • On a self-hosted PingAM server this value is usually iPlanetDirectoryPro.

  • On PingOne Advanced Identity Cloud servers, the cookie name is a random string of characters, such as ch15fefc5407912.

    How do I find my PingOne Advanced Identity Cloud cookie name?

    To locate the cookie name in a PingOne Advanced Identity Cloud tenant:

    1. Navigate to Tenant settings > Global Settings.

    2. Copy the value of the Cookie property.

logger

The logger the module uses to output messages.

Choose from standard, warning, or none, or specify a custom logger to use.

Integrating the OIDC Module

You can choose to integrate the OIDC module into your Journey module configuration, to obtain and manage OpenID Connect 1.0 tokens on behalf of the user.

To integrate the OIDC module, add the configuration when instantiating the Journey class as follows:

Integrating the OIDC module with the Journey module
let journey = Journey.createJourney { config in
    config.serverUrl = "https://openam-forgerock-sdks.forgeblocks.com/am"
    config.realm = "alpha"
    config.cookie = "ch15fefc5407912"
    config.module(PingJourney.OidcModule.config) { oidcConfig in
        oidcConfig.clientId = "sdkPublicClient"
        oidcConfig.discoveryEndpoint = "https://openam-forgerock-sdks.forgeblocks.com/am/oauth2/realms/alpha/.well-known/openid-configuration"
        oidcConfig.scopes = ["openid", "email", "address", "profile", "phone"]
        oidcConfig.redirectUri = "com.example.demo://oauth2redirect"
    }
}

Update the following properties with values that match your environment:

clientId

The client ID from your OAuth 2.0 application.

For example, sdkPublicClient

discoveryEndpoint

The .well-known endpoint from your server.

How do I find my PingOne Advanced Identity Cloud .well-known URL?

You can view the .well-known endpoint for an OAuth 2.0 client in the PingOne Advanced Identity Cloud admin console:

  1. Log in to your PingOne Advanced Identity Cloud administration console.

  2. Click Applications, and then select the OAuth 2.0 client you created earlier. For example, sdkPublicClient.

  3. On the Sign On tab, in the Client Credentials section, copy the Discovery URI value.

    For example, https://openam-forgerock-sdks.forgeblocks.com/am/oauth2/alpha/.well-known/openid-configuration

If you are using a custom domain, your .well-known URL is formed as follows:

https://<custom-domain-fqdn>/.well-known/openid-configuration

How do I find my PingAM .well-known URL?

To form the .well-known URL for a PingAM server, concatenate the following information into a single URL:

  1. The base URL of the PingAM component of your deployment, including the port number and deployment path.

    For example, https://openam.example.com:8443/openam

  2. The string /oauth2

  3. The hierarchy of the realm that contains the OAuth 2.0 client.

    You must specify the entire hierarchy of the realm, starting at the Top Level Realm. Prefix each realm in the hierarchy with the realms/ keyword.

    For example, /realms/root/realms/customers

    If you omit the realm hierarchy, the top level ROOT realm is used by default.

  4. The string /.well-known/openid-configuration

For example, https://openam-forgerock-sdks.forgeblocks.com/am/oauth2/realms/alpha/.well-known/openid-configuration
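
The four concatenation steps above, written as a Swift helper that also rejects non-HTTPS base URLs, which goes slightly beyond the steps themselves. This is an added example, not code from the SDK or the original page; `pingAMDiscoveryURL`, `DiscoveryURLError` and the realm-name restriction are assumptions made for illustration.

```swift
import Foundation

enum DiscoveryURLError: Error {
    case invalidBaseURL          // not parseable, or no host
    case insecureScheme          // anything other than https
    case invalidRealm(String)    // empty, "." or "..", or contains / ? #
}

/// Builds a PingAM .well-known URL from the parts listed above (hypothetical helper).
/// `realmHierarchy` lists realm names from the Top Level Realm down, for example
/// ["root", "customers"]. An empty list omits the realm segment (server uses ROOT).
func pingAMDiscoveryURL(baseURL: String, realmHierarchy: [String] = []) throws -> URL {
    guard var components = URLComponents(string: baseURL),
          let host = components.host, !host.isEmpty else { throw DiscoveryURLError.invalidBaseURL }
    // The discovery document names the authorization and token endpoints, so require TLS.
    guard components.scheme?.lowercased() == "https" else { throw DiscoveryURLError.insecureScheme }
    // Assumed restriction for this example: a realm name is a single path
    // segment, so reject values that would change the URL structure.
    for realm in realmHierarchy {
        let altersPath = realm.contains { "/?#".contains($0) }
        if realm.isEmpty || realm == "." || realm == ".." || altersPath {
            throw DiscoveryURLError.invalidRealm(realm)
        }
    }
    var path = components.path
    while path.hasSuffix("/") { path.removeLast() }              // step 1: base URL, no trailing slash
    path += "/oauth2"                                            // step 2
    for realm in realmHierarchy { path += "/realms/" + realm }   // step 3
    path += "/.well-known/openid-configuration"                  // step 4
    components.path = path
    components.query = nil
    components.fragment = nil
    guard let url = components.url else { throw DiscoveryURLError.invalidBaseURL }
    return url
}

// Constructed sample inputs, using the example PingAM host from this page.
let samples: [(String, [String])] = [
    ("https://openam.example.com:8443/openam/", ["root", "customers"]),
    ("https://openam.example.com:8443/openam", []),          // realm hierarchy omitted
    ("http://openam.example.com:8080/openam", ["root"]),     // rejected: not https
]
for (base, realms) in samples {
    do { print(try pingAMDiscoveryURL(baseURL: base, realmHierarchy: realms)) }
    catch { print("rejected \(base): \(error)") }
}
```

The `absoluteString` of the returned URL is the value to assign to `oidcConfig.discoveryEndpoint`.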

scopes

The scopes you added to your OAuth 2.0 application.

For example, "openid", "email", "address", "profile", "phone"

redirectUri

The redirect_uri as configured in the OAuth 2.0 client profile.

This value must exactly match a value configured in your OAuth 2.0 client.

For example, com.example.demo://oauth2redirect