OAuth 2.0 in AM/OpenAM

This book provides information on OAuth 2.0 in AM/OpenAM, including OIDC and UMA, administering access tokens via REST, and known issues (with solutions).

Table of Contents

  • 1 What federation standards does AM/OpenAM support?
  • 2 How do I check that an OAuth 2.0 client can connect to AM/OpenAM (All versions)?
  • 3 How do I improve OAuth 2.0 performance in OpenAM 13.0?
  • 4 How do I bypass the OAuth 2.0 Authorization Consent page in AM/OpenAM (All versions)?
  • 5 Access Tokens and REST
    • 5.1 How do I perform common OAuth 2.0 tasks using curl commands with the standard endpoints in AM/OpenAM (All versions)?
    • 5.2 How do I request further information (such as client_id or uid) for an OAuth 2.0 access token in AM/OpenAM (All versions)?
  • 6 OIDC
    • 6.1 How do I understand the JWTs used in OIDC that are generated or accepted by AM/OpenAM (All versions)?
    • 6.2 How do I add custom claims to the OIDC Claims Script in AM (All versions) and OpenAM 13.x?
    • 6.3 How do I add a roles claim to the OIDC Claims Script in AM (All versions) and OpenAM 13.x?
    • 6.4 How do I modify the OIDC issuer ID or audience in a multi-server AM (All versions) environment?
    • 6.5 How do I transform an OIDC token to a SAML2 assertion in AM/OpenAM (All versions) using REST STS?
  • 7 Frequently Asked Questions
    • 7.1 FAQ: OAuth 2.0 in AM/OpenAM
    • 7.2 FAQ: UMA in AM/OpenAM
  • 8 Known Issues
    • 8.1 redirect_uri_mismatch error occurs when using AM/OpenAM (All versions) as an OAuth 2.0 / OpenID client or provider
    • 8.2 Unable to retrieve certificate with alias 'test' from keystore after making changes to the keystore in AM (All versions)
    • 8.3 Addition of the standard header "Pragma" is discouraged errors when AM 5, 5.1.x and OpenAM 13.5 is configured as an OAuth Provider
    • 8.4 invalid_client error when requesting an OAuth 2.0 access token in AM (All versions) and OpenAM 13.x
    • 8.5 Access to Java class is prohibited error with scripts running in AM (All versions) and OpenAM 13.x
    • 8.6 Creating OAuth2 Provider in AM 5.5.x and 6.x fails with a Could not initialise script configurations for realm error when using ssoadm