OIDC Provider Setup - Auth Methods - ForgeRock

The Vault website is being redesigned to help you find what you are looking for more effectively.Join the Beta

»ForgeRock

Navigate to Applications -> OAuth 2.0 -> Clients in ForgeRock Access Management.
Create new client.
Configure Client ID, Client Secret, Scopes and Redirection URIs.

client ID
client secret
allowed_redirect_uris should be the two redirect URIs for Vault CLI and UI access.
oidc_scopes should be set to the OIDC scopes.

Save Client ID and Client Secret.

»Configuration

In Vault, enable the OIDC auth method.

Configure the OIDC auth method with the oidc_client_id (client ID), oidc_client_secret (client secret), and oidc_discovery_url (endpoint URL) from ForgeRock.

vault write auth/oidc/config \
   oidc_client_id="your_client_id" \
   oidc_client_secret="your_client_secret" \
   default_role="your_default_role" \
   oidc_discovery_url="https://openam.example.com:8443/openam/oauth2"

vault write auth/oidc/config \
   oidc_client_id="your_client_id" \
   oidc_client_secret="your_client_secret" \
   default_role="your_default_role" \
   oidc_discovery_url="https://openam.example.com:8443/openam/oauth2"

Configure the OIDC Role with the following:

user_claim should be "sub".
allowed_redirect_uris should be the two redirect URIs for Vault CLI and UI access.

oidc_scopes should be set to the OIDC scopes.

vault write auth/oidc/role/your_default_role \
   user_claim="sub" \
   allowed_redirect_uris="http://localhost:8250/oidc/callback,https://online_version_hostname:port_number/ui/vault/auth/oidc/oidc/callback"  \
   oidc_scopes="your_oidc_scopes" \
   policies=default

vault write auth/oidc/role/your_default_role \
   user_claim="sub" \
   allowed_redirect_uris="http://localhost:8250/oidc/callback,https://online_version_hostname:port_number/ui/vault/auth/oidc/oidc/callback"  \
   oidc_scopes="your_oidc_scopes" \
   policies=default