Skip to content

Commit

Permalink
backport of commit 5b8ebf6 (#15324)
Browse files Browse the repository at this point in the history
Co-authored-by: TylerGelinas <[email protected]>
Co-authored-by: Heather Simon <[email protected]>
  • Loading branch information
3 people authored May 6, 2022
1 parent e860559 commit af86659
Showing 1 changed file with 37 additions and 0 deletions.
37 changes: 37 additions & 0 deletions website/content/docs/auth/jwt/oidc_providers.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -143,6 +143,43 @@ is required so that Vault can fetch the groups properly.
1. If you see Vault errors involving signature, check the application's Advanced > OAuth settings
and verify that signing algorithm is "RS256".
## ForgeRock
1. Navigate to Applications -> OAuth 2.0 -> Clients in ForgeRock Access Management.
1. Create new client.
1. Configure Client ID, Client Secret, Scopes and Redirection URIs.
- `client ID`
- `client secret`
- `allowed_redirect_uris` should be the two redirect URIs for Vault CLI and UI access.
- `oidc_scopes` should be set to the OIDC scopes.
1. Save Client ID and Client Secret.
### Configuration
1. In Vault, enable the OIDC auth method.
1. Configure the OIDC auth method with the `oidc_client_id` (client ID), `oidc_client_secret`
(client secret), and `oidc_discovery_url` (endpoint URL) from ForgeRock.
```shell
vault write auth/oidc/config \
oidc_client_id="your_client_id" \
oidc_client_secret="your_client_secret" \
default_role="your_default_role" \
oidc_discovery_url="https://openam.example.com:8443/openam/oauth2"
```
1. Configure the [OIDC Role](/api-docs/auth/jwt) with the following:
- `user_claim` should be `"sub"`.
- `allowed_redirect_uris` should be the two redirect URIs for Vault CLI and UI access.
- `oidc_scopes` should be set to the OIDC scopes.
```shell
vault write auth/oidc/role/your_default_role \
user_claim="sub" \
allowed_redirect_uris="http://localhost:8250/oidc/callback,https://online_version_hostname:port_number/ui/vault/auth/oidc/oidc/callback" \
oidc_scopes="your_oidc_scopes" \
policies=default
```
## Gitlab
1. Visit Settings > Applications.
Expand Down

0 comments on commit af86659

Please sign in to comment.