open-vault/website/content/docs/auth/jwt/oidc-providers/forgerock.mdx

---
layout: docs
page_title: OIDC Provider Setup - Auth Methods - ForgeRock
description: OIDC provider configuration for ForgeRock
---
## ForgeRock
1. Navigate to Applications -> OAuth 2.0 -> Clients in ForgeRock Access Management.
1. Create a new client.
1. Configure the Client ID, Client Secret, Scopes and Redirection URIs. The last two must agree with what the Vault role will later send, or ForgeRock refuses the authorization request:
   - `Client ID` and `Client secret`: issued by ForgeRock; Vault is configured with these values below.
   - `Redirection URIs`: the two Vault callback URIs, `http://localhost:8250/oidc/callback` for CLI logins and `https://online_version_hostname:port_number/ui/vault/auth/oidc/oidc/callback` for UI logins. OAuth 2.0 redirect URI matching is an exact string comparison, so the scheme, host and port must be the ones users actually reach Vault on. These same URIs become `allowed_redirect_uris` on the Vault role.
   - `Scopes`: `openid` plus any additional scopes (for example `profile` or `email`) whose claims the Vault role will read. These additional scopes become `oidc_scopes` on the Vault role.
1. Save the Client ID and Client Secret; they are needed for the Vault configuration below.
### Configuration
1. In Vault, enable the OIDC auth method.
1. Configure the OIDC auth method with the `oidc_client_id` (client ID) and `oidc_client_secret`
   (client secret) saved from ForgeRock, and with the `oidc_discovery_url` (the ForgeRock OAuth 2.0
   issuer URL). Vault appends `/.well-known/openid-configuration` to this URL to fetch the provider
   metadata, and the `issuer` value in that document must match the configured URL exactly, including
   any trailing slash, or the config write fails.
   ```shell
   vault write auth/oidc/config \
       oidc_client_id="your_client_id" \
       oidc_client_secret="your_client_secret" \
       default_role="your_default_role" \
       oidc_discovery_url="https://openam.example.com:8443/openam/oauth2"
   ```
1. Configure the [OIDC Role](/api-docs/auth/jwt) with the following:
   - `user_claim` should be `"sub"`, the ForgeRock subject identifier. It is stable and unique per user, unlike a human-readable claim such as `email`, which an administrator can change or reassign.
   - `allowed_redirect_uris` should be exactly the two redirect URIs registered on the ForgeRock client: `http://localhost:8250/oidc/callback` for CLI access and the `/ui/vault/auth/oidc/oidc/callback` path on the Vault UI address. Vault refuses a login whose `redirect_uri` is not in this list, so it must agree with the ForgeRock registration.
   - `oidc_scopes` should list the scopes beyond `openid` (which Vault requests automatically) whose claims the role depends on, for example `profile` or `email`.
   ```shell
   vault write auth/oidc/role/your_default_role \
       user_claim="sub" \
       allowed_redirect_uris="http://localhost:8250/oidc/callback,https://online_version_hostname:port_number/ui/vault/auth/oidc/oidc/callback" \
       oidc_scopes="your_oidc_scopes" \
       policies=default
   ```
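As an added example (not part of the Vault documentation or of ForgeRock), the following POSIX shell script turns the Vault-side steps above into one repeatable run. Before writing anything it fetches the ForgeRock discovery document and performs the same check Vault performs on `oidc_discovery_url`: the advertised `issuer` must equal the configured URL byte for byte, which is where a trailing slash or a wrong realm issuer usually surfaces. It also derives the role's `allowed_redirect_uris` from the Vault UI address so the list cannot drift from what was registered on the ForgeRock client. Every concrete value is an assumption: the hostnames and ports, the role name `forgerock`, the scopes, and the `CLIENT_ID`/`CLIENT_SECRET` environment variables.

```shell
#!/bin/sh
# Added example, not from the Vault docs or from ForgeRock: applies the OIDC
# auth method config and role for a ForgeRock AM provider after verifying the
# discovery document. All hosts, ports, names and scopes are assumed values.

# Assumed deployment values; override via the environment.
AM_ISSUER="${AM_ISSUER:-https://openam.example.com:8443/openam/oauth2}"
VAULT_UI="${VAULT_UI:-https://vault.example.com:8200}"
ROLE="${ROLE:-forgerock}"
SCOPES="${SCOPES:-profile,email}"   # "openid" is added by Vault automatically

# The two callback URIs that must appear both in the ForgeRock client's
# Redirection URIs and in the Vault role's allowed_redirect_uris.
# $1 = externally reachable Vault UI base URL (a trailing slash is tolerated).
redirect_uris() {
  printf '%s,%s' "http://localhost:8250/oidc/callback" \
    "${1%/}/ui/vault/auth/oidc/oidc/callback"
}

# Pull the "issuer" string out of a discovery document. $1 = JSON text.
# A sed substitution is enough because the issuer is a plain string value.
discovery_issuer() {
  printf '%s' "$1" | tr -d '\n' \
    | sed -n 's/.*"issuer"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Vault (through go-oidc) requires the document's issuer to equal
# oidc_discovery_url exactly; a stray trailing slash is a mismatch.
# $1 = oidc_discovery_url, $2 = discovery JSON. Exit status 0 on match.
issuer_matches() {
  _iss=$(discovery_issuer "$2")
  [ -n "$_iss" ] && [ "$_iss" = "$1" ]
}

# Fetch the live discovery document and run the issuer check against it.
# $1 = oidc_discovery_url. Needs network access and curl.
preflight() {
  doc=$(curl -fsS "$1/.well-known/openid-configuration") || return 1
  if ! issuer_matches "$1" "$doc"; then
    echo "issuer mismatch: Vault will reject $1 (document says: $(discovery_issuer "$doc"))" >&2
    return 1
  fi
}

# Apply the steps from the page. Requires VAULT_ADDR and VAULT_TOKEN in the
# environment plus the ForgeRock client credentials (assumed variable names).
configure_vault() {
  : "${CLIENT_ID:?set CLIENT_ID to the ForgeRock client ID}"
  : "${CLIENT_SECRET:?set CLIENT_SECRET to the ForgeRock client secret}"

  # Step 1: enable the auth method unless a previous run already did.
  vault auth list -format=json | grep -q '"oidc/"' || vault auth enable oidc

  # Step 2: provider-level settings.
  vault write auth/oidc/config \
    oidc_client_id="$CLIENT_ID" \
    oidc_client_secret="$CLIENT_SECRET" \
    default_role="$ROLE" \
    oidc_discovery_url="$AM_ISSUER"

  # Step 3: the role; the redirect list is derived, not retyped.
  vault write "auth/oidc/role/$ROLE" \
    user_claim="sub" \
    allowed_redirect_uris="$(redirect_uris "$VAULT_UI")" \
    oidc_scopes="$SCOPES" \
    policies=default
}

# Only act when invoked as: sh forgerock-oidc.sh apply
if [ "${1:-}" = "apply" ]; then
  preflight "$AM_ISSUER" || exit 1
  configure_vault
fi
```

Run it with `apply` as the first argument; without it the script only defines the functions, so `preflight` can be invoked on its own to diagnose a discovery URL before touching Vault. The issuer comparison is deliberately exact rather than normalized, because that is the comparison Vault makes.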