OAuth 2.0 in AM

This book collects the knowledge articles on OAuth 2.0 in AM: the OIDC and UMA profiles, administering access tokens via REST, and known issues together with their solutions.


Table of Contents

  • 1 What federation standards does AM support?
  • 2 How does OAuth 2.0 Saved Consent work in Identity Cloud and AM (All versions)?
  • 3 How do I check that an OAuth 2.0 client can connect to AM (All versions)?
  • 4 How do I modify the OAuth2 Access Token Modification script in AM 6.5.2.x, 6.5.3 and 7.x?
  • 5 How do I migrate OAuth 2.0 CTS-based tokens to AM 6.5.x from an earlier version?
  • 6 How do I migrate OAuth 2.0 client-based tokens to AM 6.5.x from an earlier version?
  • 7 OIDC
    • 7.1 How do I understand the OAuth2 and OIDC JWTs that are generated or accepted by Identity Cloud or AM (All versions)?
    • 7.2 How do I add custom claims to the OIDC Claims Script in AM (All versions)?
    • 7.3 How do I add a roles claim to the OIDC Claims Script in AM (All versions)?
    • 7.4 How do I add a session property claim to the OIDC Claims Script in AM (All versions)?
    • 7.5 How do I modify the OIDC issuer ID or audience in a multi-server AM (All versions) environment?
    • 7.6 How do I transform an OIDC token to a SAML2 assertion in AM (All versions) using REST STS?
  • 8 Frequently Asked Questions
    • 8.1 FAQ: OAuth 2.0 in Identity Cloud and AM
    • 8.2 FAQ: UMA in AM
  • 9 Known Issues
    • 9.1 OIDC flow or SAML2 federation stops working after applying SameSite Cookie patch or upgrading to AM 5.5.2, 6.5.2.3, 6.5.3 or 7.x
    • 9.2 Issues with upgrades, Amster imports or exports, or registering clients (OAuth2, OIDC and RADIUS) or agents with reference to sunserviceID in AM (All versions)
    • 9.3 No system property value for SMS_TRANSPORT_ENCRYPTION so using AES error in AM (All versions)
    • 9.4 The authenticated client is not authorized to use this authorization grant type response to an OAuth 2.0 endpoint in AM 6.5.x and 7.x
    • 9.5 Shared secret cannot be null error when requesting OAuth2 access tokens in AM 5.x and 6.0.0.x
    • 9.6 FailedToLoadJWKException when retrieving OAuth2 access token in AM (All versions)
    • 9.7 URLDecoder: Illegal hex characters in escape (%) pattern or Client authentication failed error when requesting an OAuth2 access token in Identity Cloud or AM (All versions)
    • 9.8 redirect_uri_mismatch error occurs when using AM (All versions) as an OAuth 2.0 / OpenID client or provider
    • 9.9 Unable to retrieve certificate with alias 'test' from keystore after making changes to the keystore in AM (All versions)
    • 9.10 Unhandled exception: Internal Server Error (500) when running OIDC_CLAIMS scripts under load in AM (All versions)
    • 9.11 invalid_client error when requesting an OAuth 2.0 access token in AM (All versions)
    • 9.12 Access to Java class is prohibited error with scripts running in AM (All versions)
    • 9.13 Creating OAuth2 Provider in AM 5.5.x, 6.x and 7.x fails with a Could not initialise script configurations for realm error when using ssoadm