/.well-known/webfinger
Lets clients determine the provider URL for an end user, as described in the OpenID Connect Discovery 1.0 incorporating errata set 1 specification.
Tip
The endpoint is disabled by default; to enable it, see "OpenID Connect Discovery".
The discovery endpoint supports the following parameters:
realm
Specifies the AM realm that must be queried for user information. Unlike other AM endpoints, the discovery endpoint does not support specifying the realm in the path, because it is always located after the deployment URI. For example, https://openam.example.com:8443/openam/.well-known/webfinger.
Required: No.
resource
Identifies the URL-encoded subject of the request. This parameter can take the following formats, as defined in the specification:
acct:user_email. For example, acct%3Ademo%40example.com.
acct:user_email@host. For example, acct%3Ademo%2540example.com%40server.example.com.
http_or_https://host/username. For example, http%3A%2F%2Fserver.example.com%2Fdemo.
http_or_https://host:port. For example, http%3A%2F%2Fserver.example.com%3A8080.
The value of host is related to the discovery URL exposed to the clients. In the examples, the exposed discovery endpoint would be something similar to http://server.example.com/.well-known/webfinger. For more information about exposing the endpoint through a proxy or load balancer, see "OpenID Connect Discovery".
Wildcard (*) characters are not supported.
Required: Yes.
rel
Specifies the URL-encoded URI identifying the type of service whose location is requested. The only valid value is http://openid.net/specs/connect/1.0/issuer.
Required: Yes.
The following command requests information for the demo user in the example.com domain from the OAuth 2.0 provider service in the Engineering realm:
$ curl \
 --request GET \
 "https://openam.example.com:8443/openam/.well-known/webfinger\
?resource=acct%3Ademo%40example.com\
&realm=Engineering\
&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer"
{
  "subject": "acct:demo@example.com",
  "links": [
    {
      "rel": "http://openid.net/specs/connect/1.0/issuer",
      "href": "https://openam.example.com:8443/openam/oauth2"
    }
  ]
}