OAuth 2.0 in AM/OpenAM

This book provides information on OAuth 2.0 in AM/OpenAM including OIDC and UMA, administering access tokens via REST and known issues (with solutions).

Table of Contents

  • 1 What federation standards does AM/OpenAM support?
  • 2 How does OAuth 2.0 Saved Consent work in AM/OpenAM (All versions)?
  • 3 How do I check that an OAuth 2.0 client can connect to AM/OpenAM (All versions)?
  • 4 How do I improve OAuth 2.0 performance in OpenAM 13.0?
  • 5 How do I bypass the OAuth 2.0 Authorization Consent page in AM/OpenAM (All versions)?
  • 6 Access Tokens and REST
    • 6.1 How do I perform common OAuth 2.0 tasks using curl commands with the standard endpoints in AM/OpenAM (All versions)?
    • 6.2 How do I request further information (such as client_id or uid) for an OAuth 2.0 access token in AM/OpenAM (All versions)?
  • 7 OIDC
    • 7.1 How do I understand the JWTs used in OIDC that are generated or accepted by AM/OpenAM (All versions)?
    • 7.2 How do I add custom claims to the OIDC Claims Script in AM (All versions) and OpenAM 13.x?
    • 7.3 How do I add a roles claim to the OIDC Claims Script in AM (All versions) and OpenAM 13.x?
    • 7.4 How do I modify the OIDC issuer ID or audience in a multi-server AM (All versions) environment?
    • 7.5 How do I transform an OIDC token to a SAML2 assertion in AM/OpenAM (All versions) using REST STS?
  • 8 Frequently Asked Questions
    • 8.1 FAQ: OAuth 2.0 in AM/OpenAM
    • 8.2 FAQ: UMA in AM/OpenAM
  • 9 Known Issues
    • 9.1 Shared secret cannot be null error when requesting OAuth2 access tokens in AM 5.x and 6.0.0.x
    • 9.2 The authenticated client is not authorized to use this authorization grant type response to an OAuth 2.0 endpoint in AM 6.5.x
    • 9.3 redirect_uri_mismatch error occurs when using AM/OpenAM (All versions) as an OAuth 2.0 / OpenID client or provider
    • 9.4 Unable to retrieve certificate with alias 'test' from keystore after making changes to the keystore in AM (All versions)
    • 9.5 Unhandled exception: Internal Server Error (500) when running OIDC_CLAIMS scripts under load in AM (All versions)
    • 9.6 Addition of the standard header "Pragma" is discouraged errors when AM 5, 5.1.x and OpenAM 13.5 is configured as an OAuth Provider
    • 9.7 invalid_client error when requesting an OAuth 2.0 access token in AM (All versions) and OpenAM 13.x
    • 9.8 Access to Java class is prohibited error with scripts running in AM (All versions) and OpenAM 13.x
    • 9.9 Creating OAuth2 Provider in AM 5.5.x and 6.x fails with a Could not initialise script configurations for realm error when using ssoadm