Access Management 7.2.2

/oauth2/.well-known/openid-configuration

Lets relying parties retrieve the OpenID provider configuration by HTTP GET as specified by OpenID Connect Discovery 1.0.

When the OpenID Connect provider is configured in a realm, relying parties can get the configuration by passing in the full path to the realm in the URL. For example, if the OpenID Connect provider is configured in a realm named alpha, the URL would resemble the following: https://openam.example.com:8443/openam/oauth2/realms/root/realms/alpha/.well-known/openid-configuration.

For more information about OpenID Connect discovery, see OpenID Connect Discovery.

After the relying party has discovered the end user's provider, it can retrieve the provider's configuration:

$ curl "https://openam.example.com:8443/openam/oauth2/.well-known/openid-configuration"
{
   "request_parameter_supported":true,
   "claims_parameter_supported":false,
   "pushed_authorization_request_endpoint":"https://openam.example.com:8443/openam/oauth2/realms/root/realms/alpha/par",
   "introspection_endpoint":"https://openam.example.com:8443/openam/oauth2/realms/root/realms/alpha/introspect",
   "check_session_iframe":"https://openam.example.com:8443/openam/oauth2/connect/checkSession",
   "require_pushed_authorization_requests":false,
   "scopes_supported":[
      "address",
      "phone",
      "openid",
      "profile",
      "email"
   ],
   "userinfo_endpoint":"https://openam.example.com:8443/openam/oauth2/realms/root/realms/alpha/userinfo",
   "jwks_uri":"https://openam.example.com:8443/openam/oauth2/realms/root/realms/alpha/connect/jwk_uri",
   "registration_endpoint":"https://openam.example.com:8443/openam/oauth2/realms/root/realms/alpha/register",
  …​.
}
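A relying party should check a discovery document before trusting the endpoints in it. The following is an added example, not ForgeRock code: it builds the realm URL pattern described above and validates a document against the OpenID Connect Discovery 1.0 rule that `issuer` must equal the URL prefix the document was fetched from. The `issuer` value in the sample and the same-host policy for endpoints are assumptions, since the response shown above is truncated and does not include them.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"

def discovery_url(base, realms=()):
    """AM discovery URL; realms=("alpha",) yields .../realms/root/realms/alpha/..."""
    url = base.rstrip("/") + "/oauth2"
    if realms:
        url += "/realms/root" + "".join("/realms/" + r for r in realms)
    return url + WELL_KNOWN

def validate(config, fetched_from):
    """Return the problems found in a discovery document (empty list = accepted)."""
    expected_issuer = fetched_from[: -len(WELL_KNOWN)]
    problems = []
    # Discovery 1.0: issuer must be identical to the prefix used for the request.
    if config.get("issuer") != expected_issuer:
        problems.append("issuer mismatch")
    if "jwks_uri" not in config:
        problems.append("jwks_uri missing")
    want_host = urlsplit(expected_issuer).netloc
    for key, value in config.items():
        if not (key.endswith("_endpoint") or key == "jwks_uri"):
            continue
        parts = urlsplit(value)
        if parts.scheme != "https":
            problems.append(key + ": not https")
        elif parts.netloc != want_host:  # assumed local policy, not a spec rule
            problems.append(key + ": unexpected host " + parts.netloc)
    return problems

BASE = "https://openam.example.com:8443/openam"
ALPHA = BASE + "/oauth2/realms/root/realms/alpha"
# Constructed sample: fields from the response above plus an assumed issuer value.
SAMPLE = {
    "issuer": ALPHA,
    "jwks_uri": ALPHA + "/connect/jwk_uri",
    "userinfo_endpoint": ALPHA + "/userinfo",
    "introspection_endpoint": ALPHA + "/introspect",
}
# Constructed failure case: signing keys would come from a host the RP did not expect.
ALTERED = dict(SAMPLE, jwks_uri="https://keys.example.net/jwk_uri")

if __name__ == "__main__":
    url = discovery_url(BASE, ("alpha",))
    print(url)
    print(validate(SAMPLE, url))
    print(validate(ALTERED, url))
```

Validating the alpha-realm document against the top-level URL reports an issuer mismatch, which is how a relying party notices it was handed configuration for a different realm than the one it asked for.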
Copyright © 2010-2024 ForgeRock, all rights reserved.