  1. OpenAM
  2. OPENAM-4333

OAuth2 endpoint doesn't honour realm DNS aliases - must specify realm via URL query string


    • Sprint:
      Sprint 71 - Team Tesla, Sprint 72 - Team Tesla, Sprint 73 - Team Tesla, Sprint 74 - Team Tesla, Sprint 75 - Team Tesla, Sprint 76 - Team Tesla


      This may be classified as a bug or improvement, depending on expectations of the realm DNS alias functionality.

      On a vanilla OpenAM install, set up a subrealm with working DNS alias support and add an oauth2 provider to the realm. Set the access token lifetime to something distinguishable so it is easy to see which configuration is used, e.g. 77.

      Then, as an example, the following call will still use the root realm configuration, despite using the subrealm DNS alias:

      $ curl --request POST --user "oauth2:oauth2" --data "grant_type=client_credentials" "http://subrealm.example.com:8080/openam/oauth2/access_token"

      Specifying the realm via URL query string (as is in the documentation) works.

      $ curl --request POST --user "oauth2:oauth2" --data "grant_type=client_credentials" "http://openam.example.com:8080/openam/oauth2/access_token?realm=subrealm"

      Allowing the realm to also be specified in the POST data might also be a useful improvement to help consistency vs other OpenAM endpoints.
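
      A regression check for the behaviour reported above, as an added example that is not part of the original report or of OpenAM: it compares the realm a request addressed with the realm whose token lifetime shows up in `expires_in`. The root lifetime of 3600, the alias table, the two-second slack and the sample responses are constructed assumptions.

```python
import json
from urllib.parse import parse_qs, urlsplit

# Constructed test fixture. 77 is the subrealm lifetime from the report; the
# root lifetime of 3600 and the alias table are assumptions for this example.
LIFETIMES = {"/": 3600, "subrealm": 77}
DNS_ALIASES = {"subrealm.example.com": "subrealm"}
SLACK = 2  # seconds allowed between issuance and reading expires_in


def expected_realm(url):
    """Realm the caller addressed: explicit ?realm= first, then DNS alias, else root."""
    parts = urlsplit(url)
    explicit = parse_qs(parts.query).get("realm")
    if explicit:
        return explicit[0]
    return DNS_ALIASES.get(parts.hostname, "/")


def issuing_realm(body):
    """Realm whose configured lifetime matches the token's expires_in, or None."""
    expires_in = int(json.loads(body)["expires_in"])
    hits = [r for r, life in LIFETIMES.items() if 0 <= life - expires_in <= SLACK]
    return hits[0] if len(hits) == 1 else None


def mismatches(observations):
    """Return (url, expected, actual) for tokens issued under the wrong realm."""
    out = []
    for url, body in observations:
        want, got = expected_realm(url), issuing_realm(body)
        if want != got:
            out.append((url, want, got))
    return out


BASE = "http://{}:8080/openam/oauth2/access_token"
# Constructed responses shaped like RFC 6749 token responses.
OBSERVED = [
    (BASE.format("subrealm.example.com"),
     '{"access_token": "constructed-1", "token_type": "Bearer", "expires_in": 3599}'),
    (BASE.format("openam.example.com") + "?realm=subrealm",
     '{"access_token": "constructed-2", "token_type": "Bearer", "expires_in": 77}'),
]

if __name__ == "__main__":
    for url, want, got in mismatches(OBSERVED):
        print(f"realm mismatch: {url} expected={want!r} issued_by={got!r}")
```

      With the constructed responses, only the DNS alias request is flagged: it addressed the subrealm but received a token with the root realm's lifetime.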





              • Assignee:
                jamesphillpotts James Phillpotts
                ian.packer Ian Packer [X] (Inactive)


                • Created: