/.well-known/webfinger
Lets clients determine the provider URL for an end user, as described in the OpenID Connect Discovery 1.0 incorporating errata set 1 specification.
The endpoint is disabled by default; to enable it, see OpenID Connect Discovery.
The discovery endpoint supports the following parameters:
realm
Specifies the AM realm that must be queried for user information. Unlike other AM endpoints, the discovery endpoint does not support specifying the realm in the path, because it is always located after the deployment URI. For example, https://openam.example.com:8443/openam/.well-known/webfinger.
Required: No
resource
Identifies the URL-encoded subject of the request. This parameter can take the following formats, as defined in the specification:
- acct:user-email. For example, acct%3Ademo%40example.com.
- acct:user-email@host. For example, acct%3Ademo%2540example.com%40server.example.com.
- http(s)://host/username. For example, http%3A%2F%2Fserver.example.com%2Fdemo.
- http(s)://host:port. For example, http%3A%2F%2Fserver.example.com%3A8080.
The value of host is related to the discovery URL exposed to the clients. In the examples, the exposed discovery endpoint would be something similar to http://server.example.com/.well-known/webfinger. For more information about exposing the endpoint through a proxy or load balancer, see OpenID Connect Discovery.
Wildcard (*) characters are not supported.
Required: Yes.
rel
Specifies the URL-encoded URI identifying the type of service whose location is requested. The only valid value is http://openid.net/specs/connect/1.0/issuer.
Required: Yes.
The following command requests information for the demo user in the example.com domain from the OAuth 2.0 provider service in the Engineering realm:
$ curl \
--request GET \
"https://openam.example.com:8443/openam/.well-known/webfinger\
?resource=acct%3Ademo%40example.com\
&realm=Engineering\
&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer"
{
  "subject": "acct:demo@example.com",
  "links": [
    {
      "rel": "http://openid.net/specs/connect/1.0/issuer",
      "href": "https://openam.example.com:8443/openam/oauth2"
    }
  ]
}
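The following is an added example, not part of the AM documentation or code: a client-side sketch that builds the discovery URL with the encodings shown above (including the double-encoded acct:user-email@host form) and checks the response before trusting the issuer. The helper names are hypothetical, and the subject, single-link and https checks are assumptions of this example based on the sample response above.

```python
import json
from urllib.parse import quote, urlencode, urlsplit

ISSUER_REL = "http://openid.net/specs/connect/1.0/issuer"

# The response shown in the curl example above, embedded so the block runs offline.
SAMPLE_RESPONSE = """{"subject": "acct:demo@example.com", "links": [
  {"rel": "http://openid.net/specs/connect/1.0/issuer",
   "href": "https://openam.example.com:8443/openam/oauth2"}]}"""

def acct_resource(email, host=None):
    """Build an acct: resource; with a host, the email's own '@' is escaped first."""
    if host is None:
        return "acct:" + email
    return "acct:" + quote(email, safe="") + "@" + host

def webfinger_url(base, resource, realm=None):
    """Return the discovery URL with every parameter value percent-encoded."""
    if "*" in resource:
        raise ValueError("wildcard characters are not supported in resource")
    params = [("resource", resource)]
    if realm is not None:
        params.append(("realm", realm))  # realm is a query parameter, never a path
    params.append(("rel", ISSUER_REL))
    query = urlencode(params, quote_via=quote, safe="")
    return base.rstrip("/") + "/.well-known/webfinger?" + query

def issuer_from_response(body, expected_subject):
    """Extract the issuer href, rejecting responses the client should not trust."""
    doc = json.loads(body)
    # Assumption: the subject echoes the decoded resource, as in the sample.
    if doc.get("subject") != expected_subject:
        raise ValueError("subject does not match the requested resource")
    hrefs = [link.get("href") for link in doc.get("links", [])
             if isinstance(link, dict) and link.get("rel") == ISSUER_REL]
    # Conservative choice of this example: exactly one issuer link, https only.
    if len(hrefs) != 1 or not isinstance(hrefs[0], str):
        raise ValueError("expected exactly one issuer link")
    if urlsplit(hrefs[0]).scheme != "https":
        raise ValueError("issuer must be an https URL")
    return hrefs[0]

if __name__ == "__main__":
    res = acct_resource("demo@example.com")
    print(webfinger_url("https://openam.example.com:8443/openam", res, "Engineering"))
    print(issuer_from_response(SAMPLE_RESPONSE, res))
```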