ForgeRock
- Navigate to Applications -> OAuth 2.0 -> Clients in ForgeRock Access Management.
- Create a new client.
- Configure the Client ID, Client Secret, Scopes and Redirection URIs:
  - Client ID and Client Secret: note both; OpenBao needs them in the next section.
  - Redirection URIs: the two redirect URIs OpenBao uses, one for CLI login and one for UI login. They must match the allowed_redirect_uris configured later in the OpenBao role.
  - Scopes: the OIDC scopes OpenBao will request (the role's oidc_scopes).
- Save the Client ID and Client Secret.
Configuration
- In OpenBao, enable the OIDC auth method.
- Configure the OIDC auth method with the oidc_client_id (client ID), oidc_client_secret (client secret) and oidc_discovery_url (the ForgeRock OAuth 2.0 endpoint URL, from which OpenBao fetches the provider's OIDC discovery document) from ForgeRock:

```shell
bao write auth/oidc/config \
    oidc_client_id="your_client_id" \
    oidc_client_secret="your_client_secret" \
    default_role="your_default_role" \
    oidc_discovery_url="https://openam.example.com:8443/openam/oauth2"
```
- Configure the OIDC role with the following:
  - user_claim should be "sub", so the OpenBao entity alias is ForgeRock's subject identifier.
  - allowed_redirect_uris should be the two redirect URIs for OpenBao CLI and UI access, exactly as registered in the ForgeRock client; replace online_version_hostname:port_number with the address users reach the OpenBao UI on.
  - oidc_scopes should be set to the OIDC scopes.
  - policies lists the policies granted on login; the built-in default policy only covers token self-management and cubbyhole access, so attach the policies the ForgeRock users actually need.

```shell
bao write auth/oidc/role/your_default_role \
    user_claim="sub" \
    allowed_redirect_uris="http://localhost:8250/oidc/callback,https://online_version_hostname:port_number/ui/vault/auth/oidc/oidc/callback" \
    oidc_scopes="your_oidc_scopes" \
    policies=default
```
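As an added example, not code from the OpenBao or ForgeRock documentation: a POSIX shell script that derives the two redirect URIs from the OpenBao address, refuses any non-https callback (the loopback CLI callback excepted) and any non-https discovery URL, and prints the bao auth enable and bao write commands for the steps above so they can be reviewed before running. The address https://bao.example.com:8200, the client ID and secret, the scopes and the role name are placeholders the caller supplies.

```shell
#!/bin/sh
# Added example, not OpenBao's or ForgeRock's own code. Derives the two
# OpenBao redirect URIs, checks them, and prints (does not run) the bao
# commands for the ForgeRock setup above. Host, client ID, secret, scopes
# and role name are placeholders supplied by the caller.

# The CLI callback is fixed by `bao login -method=oidc` (loopback, port 8250);
# the UI callback lives under /ui/vault/auth/oidc/oidc/callback on the
# OpenBao address given as $1.
redirect_uris() {
  addr=${1%/}   # drop a trailing slash so we do not emit "//ui"
  printf 'http://localhost:8250/oidc/callback,%s/ui/vault/auth/oidc/oidc/callback' "$addr"
}

# Accept only https redirect URIs, plus the plain-http loopback CLI callback.
# A plaintext callback on a routable host would expose the authorization
# code on the wire. Runs in a subshell so changing IFS does not leak to the
# caller. Returns 0 when every entry passes, 1 on the first failure.
check_redirect_uris() (
  IFS=','
  for uri in $1; do
    case "$uri" in
      https://*) ;;
      http://localhost:*/oidc/callback|http://127.0.0.1:*/oidc/callback) ;;
      *) printf 'rejected redirect URI: %s\n' "$uri" >&2; return 1 ;;
    esac
  done
  return 0
)

# The discovery URL is the issuer; OpenBao fetches
# <url>/.well-known/openid-configuration from it, so it must be https.
check_discovery_url() {
  case "$1" in
    https://*) return 0 ;;
    *) printf 'discovery URL must be https: %s\n' "$1" >&2; return 1 ;;
  esac
}

# print_setup BAO_ADDR CLIENT_ID CLIENT_SECRET SCOPES DISCOVERY_URL ROLE
# Emits the three commands that wire the ForgeRock client into OpenBao.
# Piping the output into sh would run them; review it first.
print_setup() {
  bao_addr=$1 client_id=$2 client_secret=$3 scopes=$4 discovery=$5 role=$6
  uris=$(redirect_uris "$bao_addr")
  check_discovery_url "$discovery" || return 1
  check_redirect_uris "$uris" || return 1
  cat <<EOF
bao auth enable oidc
bao write auth/oidc/config \\
    oidc_client_id="$client_id" \\
    oidc_client_secret="$client_secret" \\
    default_role="$role" \\
    oidc_discovery_url="$discovery"
bao write auth/oidc/role/$role \\
    user_claim="sub" \\
    allowed_redirect_uris="$uris" \\
    oidc_scopes="$scopes" \\
    policies=default
EOF
}

# Usage (all values are placeholders):
# print_setup https://bao.example.com:8200 your_client_id your_client_secret \
#     "openid profile" https://openam.example.com:8443/openam/oauth2 forgerock
```

The script only prints the commands; running them still puts the client secret on the command line, where it lands in shell history. When you do run the config step for real, supply the secret from a file or a prompt rather than a literal, and restrict policies to what the ForgeRock users need instead of leaving policies=default.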