
Json Web Key URI in OAuth2 OpenID connect client config pre-populated incorrectly


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 13.5.0, 13.5.1, 13.5.2, 5.5.1, 6.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.0.0.4, 6.0.0.5, 6.5.0, 6.0.0.6, 6.5.0.1, 6.0.0.7, 6.5.0.2, 6.5.2, 6.5.2.1, 6.5.2.2, 6.5.2.3
    • Fix Version/s: 7.0.0, 6.5.3
    • oauth2, OpenID Connect
    • Sprint: AM Sustaining Sprint 74, AM Sustaining Sprint 75
    • 5
    • No
    • Yes
    • No
    • Yes and I used the same an in the description

      Description

      When registering a client for OAuth2/OpenID Connect in OpenAM (OpenAM acting as the OpenID Connect provider), the field "Json Web Key URI" is pre-populated with the server's own jwk_uri URL, such as: http://openam.example.com:8080/openam/oauth2/connect/jwk_uri

      That is incorrect, and very misleading as to what the field is used for. The field description states (correctly): "The uri that contains the client's public keys in Json Web Key format." The field is used when the client authenticates to OpenAM with the private_key_jwt method: OpenAM must validate the JWT the client sends for authentication, and it looks up the client's public key at the URI given in that field. It has nothing to do with OpenAM's own keys.

      The field should not be prepopulated at all.

      See also: https://backstage.forgerock.com/knowledge/kb/article/a99271502 "FailedToLoadJWKException when retrieving OAuth2 access token in AM"

              People

              chee-weng.chea C-Weng C
              nathalie.hoet Nathalie Hoet
              Votes: 4
              Watchers: 12