--- title: Connecting PingFederate with Yahoo through OIDC description: Learn how to connect PingFederate with your Yahoo developer account using OpenID Connect (OIDC). component: solution-guides page_id: solution-guides:workforce_use_cases:htg_connect_pf_with_yahoo_through_oidc canonical_url: https://docs.pingidentity.com/solution-guides/workforce_use_cases/htg_connect_pf_with_yahoo_through_oidc.html revdate: April 13, 2025 page_aliases: ["workforce_use_cases:htg_connect_pf_with_yahoo_through_oidc_oidc_app_yahoo.adoc", "workforce_use_cases:htg_connect_pf_with_yahoo_through_oidc_oidc_idp_connection.adoc", "workforce_use_cases:htg_connect_pf_with_yahoo_through_oidc_local_identity_profile.adoc", "workforce_use_cases:htg_connect_pf_with_yahoo_through_oidc_html_idp_adapter.adoc", "workforce_use_cases:htg_connect_pf_with_yahoo_through_oidc_policy_contract_lip.adoc", "workforce_use_cases:htg_connect_pf_with_yahoo_through_oidc_testing.adoc"] section_ids: component: Component creating-an-oidc-app-in-your-yahoo-developer-account: Creating an OIDC app in your Yahoo developer account before-you-begin: Before you begin about-this-task: About this task steps: Steps creating-an-oidc-type-idp-connection: Creating an OIDC type IdP connection steps-2: Steps creating-a-local-identity-profile: Creating a local identity profile steps-3: Steps creating-an-html-form-idp-adapter: Creating an HTML form IdP adapter about-this-task-2: About this task steps-4: Steps creating-a-policy-to-fulfill-the-policy-contract-chosen-in-the-lip: Creating a policy to fulfill the policy contract chosen in the LIP steps-5: Steps testing-the-configuration: Testing the configuration steps-6: Steps result: Result: result-2: Result --- # Connecting PingFederate with Yahoo through OIDC Learn how to connect PingFederate with your Yahoo developer account using OpenID Connect (OIDC). | | | | - | ------------------------------------------------------ | | | Yahoo no longer supports OpenID2 and migrated to OIDC. | ## Component PingFederate 10.3 ## Creating an OIDC app in your Yahoo developer account ### Before you begin * Go to [developer.yahoo.com](https://developer.yahoo.com/) and create a developer account. ### About this task In your Yahoo developer account, create an OIDC app and obtain the **Client ID** and **Client Secret**. ### Steps 1. Sign on to your Yahoo developer account and go to **Apps > Create an App**. 2. [Create an application with OpenID Connect permissions](https://developer.yahoo.com/oauth2/guide/openid_connect/getting_started.html). 3. Copy the **Client ID** and **Client Secret**. ![Screen capture of the Yahoo developer My Apps window showing the Client ID and Client Secret.](_images/qcw1620233205439.png) ## Creating an OIDC type IdP connection ### Steps 1. Sign on to PingFederate and go to **Authentication > Authorization > IdP Connections**. Click **Create Connection**. 2. On the **Connection Type** tab, select the **Browser SSO** checkbox, and in the **Protocol** list, select **SAML 2.0**. Click **Next**. ![Screen capture of the Connection Type tab with the Browser SSO Profiles checkbox selected and the SAML 2.0 option checked from the Protocol list.](_images/trs1624388770282.png) 3. On the **Connection Options** tab, select the **Browser SSO** checkbox. Click **Next**. 4. On the **General Info** tab, in the **Issuer** field, enter `https://api.login.yahoo.com`. 5. In the **Client ID** and **Client Secret** fields, enter the values copied earlier from your Yahoo OIDC app. 6. Click **Load Metadata**. Click **Next**. ![Screen capture of the General Info tab, showing the completed Issuer, Client ID, and Client Secret fields.](_images/khd1624388963952.png) 7. On the **Extended Properties** tab, click **Next**. 8. On the **Browser SSO** tab, click **Configure Browser SSO**. 9. On the **User Session Creation** tab, click **Configure User-Session Creation**. 10. On the **Identity Mapping** tab, select **Account Mapping**. Click **Next**. 11. On the **Attribute Contract** tab, leave the default values selected. Click **Next**. ![Screen capture of the Attribute Contract tab, showing the default values listed.](_images/zhm1624389361302.png) 12. On the **Target Session Mapping** tab, click **Map New Adapter Instance**. 13. On the **Adapter Instance** tab, in the **Adapter Instance** list, select **Open Token** adapter. Click **Next**. ![Screen capture of the Adapter Instance tab, showing the Adapter Instance list expanded.](_images/jad1624389568099.png) 14. On the **Attribute Data Store** tab, leave the default values selected. Click **Next**. ![Screen capture of the Adapter Data Store tab showing the default values listed.](_images/qkw1624389700267.png) 15. On the **Adapter Contract Fulfillment** tab, map the values as follows. Click **Next**. | Attribute | Source | Value | | ------------- | ------------------- | ---------------- | | **givenName** | **Provider Claims** | **given\_name** | | **mail** | **Provider Claims** | **email** | | **sn** | **Provider Claims** | **family\_name** | | **subject** | **Provider Claims** | **sub** | ![Screen capture of the Adapter Contract Fulfillment tab showing the specified settings.](_images/bwa1624389840839.png) 16. On the **Issuance Criteria** tab, click **Next**. 17. On the **Summary** tab, review your entries and click **Done**. 18. On the **User Session Creation** tab, click **Next**. 19. On the **Protocol Settings** tab, click **Configure Protocol Settings**. 20. On the **OpenID Provider Info** tab, review the information and click **Next**. ![Screen capture of the OpenID Provider Info tab.](_images/kgu1624390089670.png) 21. On the **Overrides** tab, enter a **Default Target URL**. Click **Next**. 22. On the **Summary** tab, review your entries and click **Done**. 23. On the **Protocol Settings** tab, click **Next**. 24. On the **Summary** tab, review your entries and click **Done**. 25. On the **Activation and Summary** tab, click the toggle to activate the connection. Click **Save**. ## Creating a local identity profile ### Steps 1. Go to **Authentication > Policies > Local Identity Profiles** and click **Create New Profile**. 2. On the **Profile Info** tab, choose an existing policy contract or create a new one. Click **Next**. ![Screen capture of the Profile Info tab.](_images/msl1624390397788.png) 3. On the **Authentication Sources** tab, in the empty field next to the **Add** button, enter`Yahoo`. Click **Add**. ![Screen capture of the Authentication Sources tab showing Yahoo added as a source.](_images/zdn1624390527419.png) 4. Click **Save**. ## Creating an HTML form IdP adapter ### About this task Create an HTML form IdP adapter to include the newly created LIP. ### Steps 1. Go to **Authentication > Integration > IdP Adapters** and click **Create New Instance**. 2. On the **Type** tab, enter a **Instance Name** and **Instance ID**, and in the **Type** list, select **HTML From IdP Adapter**. Click **Next**. ![Screen capture of the Type ta showing the completed Instance Name, instance ID, Type, Class Name and Parent Instance fields.](_images/yuh1624390674673.png) 3. On the **IdP Adapter** tab, select the **Local Identity Profile** checkbox and select the newly-created LIP in the list. Click **Next**. ![Screen capture of the IdP Adapter tab showing the Local Identity Profile checkbox selected and the LIP selected from the list.](_images/bsx1624390843981.png) 4. On the **Extended Contract** tab, add all desired attributes. Click **Next**. 1. To add an attribute, enter the name in the empty field and click **Add**. ![Screen capture of the Extended Contract tab showing attributes listed.](_images/tme1624391014636.png) 5. On the **Adapter Attributes tab**, in the **username** row, select the **Pseudonym** checkbox. Click **Next**. ![Screen capture of the Adapter Attributes tab showing the username Pseudonym checkbox selected.](_images/lgd1624391164859.png) 6. On the **Adapter Contract Fulfillment** tab, configure the contract as follows. Click **Next**. | Attribute | Value | | --------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **IsPhoneAvailable** | `#this.get("telephoneNumber")== null? false:#this.get("telephoneNumber").toString().equalsIgnoreCase("")?false:true` | | **telephoneNumber** | `telephoneNumber` | | **mail** | `mail` | | **policy.action** | `policy.action` | | **givenName** | `givenName` | | **objectGUID** | `objectGUID` | | **memberOf** | `memberOf` | | **pi.template** | `{ "name": "strong_authentication"."variables": { "logourl"."https//www.logosurfer.com/wp-content/uploads/2018/03/kohls-log_0.png"."currency": "USD"."recipient": "Charlie Parker" }}` | | **sn** | `sn` | | **userPrincipalName** | `userPrincipalName` | | **subjectDN** | `subjectDN` | | **username** | `username` | 7. On the **Summary** tab, review your entries. Click **Save**. ## Creating a policy to fulfill the policy contract chosen in the LIP ### Steps 1. Select the HTML form adapter that you created earlier and click **Rules**. 2. Add **Yahoo** as a rule: 1. From the **Attribute Name** list, select **policy.action**. 2. From the **Condition** list, select **equal to**. 3. In the **Value** field, enter `Yahoo`. 4. In the **Result** field, enter `Yahoo`. 5. Click **Done**. The rest of the values are optional. 3. Under the **Yahoo** branch, in the **Policy** list, select the IdP connection that you created earlier. 4. In the **Success** list, select the policy contract that you used in the LIP. Click **Contract Mapping**. ![Screen capture of the Yahoo branch.](_images/mej1624391659649.png) 5. On the **Contact Fulfillment** tab, configure the following attributes. | Attribute | Value | | -------------------- | ------------- | | **UPN** | `name` | | **Email** | `email` | | **Group Membership** | `grp` | | **Object GUID** | `objectguid` | | **subject** | `sub` | | **First Name** | `given_name` | | **DN** | `dn` | | **Last Name** | `family_name` | 6. On the **Summary** tab, click **Done**. ## Testing the configuration ### Steps 1. Launch an application that satisfies the newly-created policy. #### Result: A sign-on window opens. ![Screen capture of the Sign on window.](_images/ybn1624392025856.png) 2. In the **Sign On With** section, click **Yahoo** to go to the Yahoo sign-on page. ![Screen capture of the Yahoo sign on page](_images/kjq1624392175053.png) 3. Enter your password and click **Next**. ### Result After signing on, you are taken to the end application.