/uma/.well-known/uma2-configuration
AM exposes an endpoint for discovering information about the UMA provider configuration. A resource server or client can send an HTTP GET request to /uma/.well-known/uma2-configuration to retrieve a JSON object that shows the UMA configuration. The endpoint requires no authentication. Because resource servers and clients act on the endpoint URLs the JSON object contains, they should retrieve it over HTTPS and check that the issuer it reports is the authorization server they expect before using any of the other URIs.
When making a REST API call, specify the realm in the path component of the endpoint. You must specify the entire hierarchy of the realm, starting at the Top Level Realm, and prefix each realm in the hierarchy with the realms/ keyword. For example, /realms/root/realms/customers/realms/europe. A request to the endpoint without a realm component is answered by the Top Level Realm, so a resource server or client that omits the realm receives the wrong provider configuration rather than an error.
The following is an example of a GET request to the UMA 2.0 configuration discovery endpoint for a subrealm named alpha in the Top Level Realm:

$ curl \
--request GET \
"https://openam.example.com:8443/openam/uma/realms/root/realms/alpha/.well-known/uma2-configuration"
{
  "issuer": "https://openam.example.com:8443/openam/oauth2/realms/root/realms/alpha",
  "grant_types_supported": [
    "urn:ietf:params:oauth:grant-type:saml2-bearer",
    "urn:ietf:params:oauth:grant-type:uma-ticket",
    "client_credentials",
    "password",
    "authorization_code",
    "urn:ietf:params:oauth:grant-type:device_code",
    "http://oauth.net/grant_type/device/1.0"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_post",
    "private_key_jwt",
    "client_secret_basic"
  ],
  "revocation_endpoint_auth_methods_supported": [
    "client_secret_post",
    "private_key_jwt",
    "client_secret_basic"
  ],
  "response_types_supported": [
    "code token id_token",
    "code",
    "code id_token",
    "device_code",
    "id_token",
    "code token",
    "token",
    "token id_token"
  ],
  "jwks_uri": "https://openam.example.com:8443/openam/oauth2/realms/root/realms/alpha/connect/jwk_uri",
  "dynamic_client_endpoint": "https://openam.example.com:8443/openam/oauth2/realms/root/realms/alpha/register",
  "token_endpoint": "https://openam.example.com:8443/openam/oauth2/realms/root/realms/alpha/access_token",
  "authorization_endpoint": "https://openam.example.com:8443/openam/oauth2/realms/root/realms/alpha/authorize",
  "revocation_endpoint": "https://openam.example.com:8443/openam/oauth2/realms/root/realms/alpha/token/revoke",
  "introspection_endpoint": "https://openam.example.com:8443/openam/oauth2/realms/root/realms/alpha/introspect",
  "resource_registration_endpoint": "https://openam.example.com:8443/openam/uma/realms/root/realms/alpha/resource_set",
  "permission_endpoint": "https://openam.example.com:8443/openam/uma/realms/root/realms/alpha/permission_request"
}
The JSON object returned includes the following configuration information:

issuer
    The URI of the issuing authorization server. Compare this value with the authorization server you expect before using any of the other URIs.
grant_types_supported
    The supported OAuth 2.0 grant types. A UMA client uses urn:ietf:params:oauth:grant-type:uma-ticket to exchange a permission ticket for an RPT.
token_endpoint_auth_methods_supported
    The client authentication methods that the token endpoint accepts.
jwks_uri
    The URI of the JSON Web Key Set that verifies tokens signed by the authorization server.
token_endpoint
    The URI to request tokens.
authorization_endpoint
    The URI to request authorization for issuing a token.
revocation_endpoint
    The URI to revoke tokens.
introspection_endpoint
    The URI to introspect an RPT. For more information, see /oauth2/introspect.
resource_registration_endpoint
    The URI for a resource server to register a resource. For more information, see /uma/resource_set.
permission_endpoint
    The URI for a resource server to request a permission ticket when a requesting party attempts to access a registered resource.
dynamic_client_endpoint
    The URI for registering a dynamic client.
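As an added example, not code from the AM documentation or from the AM project, the following Python script covers both the realm-path rule and the discovery request above: it builds the realm-qualified uma2-configuration URL from a realm hierarchy, then parses a discovery document and refuses to act on it unless the issuer is the expected server, every endpoint a resource server or client needs is present, uses https and shares the issuer's origin, and the UMA ticket grant is supported. The sample document is a constructed subset of the response shown above; the function names, the REQUIRED_ENDPOINTS set and the origin check are this example's own choices, not an AM API.

```python
"""Added example: build the realm-qualified UMA 2.0 discovery URL and validate
the configuration document before trusting the endpoints it advertises.
Standard library only; the network fetch is separate so everything else runs offline."""
import json
from urllib.parse import urlsplit
from urllib.request import urlopen

# Constructed sample: a subset of the discovery document shown on this page.
SAMPLE_UMA2_CONFIG = """{
  "issuer": "https://openam.example.com:8443/openam/oauth2/realms/root/realms/alpha",
  "grant_types_supported": ["urn:ietf:params:oauth:grant-type:uma-ticket", "client_credentials"],
  "token_endpoint_auth_methods_supported": ["client_secret_post", "private_key_jwt", "client_secret_basic"],
  "jwks_uri": "https://openam.example.com:8443/openam/oauth2/realms/root/realms/alpha/connect/jwk_uri",
  "token_endpoint": "https://openam.example.com:8443/openam/oauth2/realms/root/realms/alpha/access_token",
  "introspection_endpoint": "https://openam.example.com:8443/openam/oauth2/realms/root/realms/alpha/introspect",
  "resource_registration_endpoint": "https://openam.example.com:8443/openam/uma/realms/root/realms/alpha/resource_set",
  "permission_endpoint": "https://openam.example.com:8443/openam/uma/realms/root/realms/alpha/permission_request"
}"""

UMA_TICKET_GRANT = "urn:ietf:params:oauth:grant-type:uma-ticket"
# Endpoints this example requires (an assumption of the example, not an AM rule).
REQUIRED_ENDPOINTS = ("token_endpoint", "introspection_endpoint",
                      "resource_registration_endpoint", "permission_endpoint", "jwks_uri")


def realm_path(realms):
    """Return the /realms/... path for a realm hierarchy, always starting at root.

    realm_path(["customers", "europe"]) -> "/realms/root/realms/customers/realms/europe"
    realm_path([])                      -> "/realms/root"
    """
    parts = ["root"] + [r.strip("/") for r in realms]
    return "".join("/realms/" + r for r in parts)


def discovery_url(base_url, realms):
    """Build the realm-qualified uma2-configuration URL from the AM deployment URL."""
    return base_url.rstrip("/") + "/uma" + realm_path(realms) + "/.well-known/uma2-configuration"


def _same_origin(a, b):
    """True when two URLs share scheme, host and port."""
    pa, pb = urlsplit(a), urlsplit(b)
    return (pa.scheme, pa.hostname, pa.port) == (pb.scheme, pb.hostname, pb.port)


def validate_uma2_config(config_json, expected_issuer):
    """Parse a discovery document and return the endpoints a UMA resource server
    or client needs, or raise ValueError naming the first failed check."""
    cfg = json.loads(config_json)
    # 1. The issuer must be exactly the authorization server we expect.
    if cfg.get("issuer") != expected_issuer:
        raise ValueError("issuer mismatch: %r" % (cfg.get("issuer"),))
    # 2. Every required endpoint must be present, use https and sit on the
    #    issuer's origin, so a tampered or mis-served document cannot redirect
    #    tokens or tickets to another host.
    endpoints = {}
    for name in REQUIRED_ENDPOINTS:
        url = cfg.get(name)
        if not url:
            raise ValueError("missing %s" % name)
        if urlsplit(url).scheme != "https":
            raise ValueError("%s is not https: %s" % (name, url))
        if not _same_origin(url, expected_issuer):
            raise ValueError("%s is not on the issuer origin: %s" % (name, url))
        endpoints[name] = url
    # 3. The server must support the grant used to exchange a ticket for an RPT.
    if UMA_TICKET_GRANT not in cfg.get("grant_types_supported", []):
        raise ValueError("UMA ticket grant not supported")
    return endpoints


def fetch_uma2_config(base_url, realms, expected_issuer, timeout=10):
    """Retrieve the document over HTTPS and validate it (network call; not exercised offline)."""
    with urlopen(discovery_url(base_url, realms), timeout=timeout) as resp:
        return validate_uma2_config(resp.read().decode("utf-8"), expected_issuer)


if __name__ == "__main__":
    print(discovery_url("https://openam.example.com:8443/openam", ["alpha"]))
    issuer = "https://openam.example.com:8443/openam/oauth2/realms/root/realms/alpha"
    for name, url in validate_uma2_config(SAMPLE_UMA2_CONFIG, issuer).items():
        print(name, url)
```

The origin check is deliberately stricter than the UMA specification requires; it reflects a deployment where the OAuth 2.0 and UMA endpoints live on the same AM host as the issuer, which is the case for the response shown above. Loosen it if your deployment fronts AM with different hostnames per endpoint.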
Resource servers and clients need to be able to discover the UMA provider for a resource owner. You should consider redirecting requests to URIs at the server root to the discovery endpoint of the realm that holds the UMA provider. For example, if your UMA provider is in a subrealm, the redirect must point at the realm-qualified URL described above, because AM takes the realm from the path.

AM supports a provider service that lets a realm have a configured option for obtaining the base URL (including protocol) for components that need to return a URL to the client. This service provides the URL base used in the URIs that the well-known endpoints return. For more information, see Configuring the Base URL Source Service.