OpenAM OAuth 2.0 authentication for web project

This topic has 20 replies, 5 voices, and was last updated 3 years, 6 months ago by Kavithak.


    Thanks for replying.

    These are the settings I have made:

    Authentication End Point: (Get request to open login window)
    Access Token Endpoint URL: (POST request which returns code= access_token from django server)
    User Profile Service URL: (which will fetch user details based on code)
    Scope: email
    OAuth2 Access Token Profile Service Parameter name: access_token

    Proxy URL:

    Account Provider: org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider
    Account Mapper Configuration: email=mail


    Are you sure that user exists in the OpenAM identity repository?

    To quickly check if the authentication process goes to the end, you can set Authentication settings > User profile to “Dynamic” (OpenAM will automatically create a user profile if it does not find it inside the IdRepo).

    Or maybe the issue is because OpenAM cannot map the user using the mail attribute. If not already present, you can add “mail” in Authentication settings > User profile > Alias Search attribute name.
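
    The account-mapping step discussed above can be checked outside OpenAM. The following is an added example, not part of the thread and not OpenAM's own code: it applies a mapper entry such as email=mail to the JSON body returned by the User Profile Service and reports why the lookup attribute could not be built. The function names and sample responses are constructed for illustration, and it assumes flat top-level JSON keys.

```python
import json

def parse_mapper(entries):
    """Turn 'remote=local' strings (e.g. 'email=mail') into (remote, local) pairs."""
    pairs = []
    for entry in entries:
        remote, sep, local = entry.partition("=")
        if not sep or not remote.strip() or not local.strip():
            raise ValueError(f"malformed mapper entry: {entry!r}")
        pairs.append((remote.strip(), local.strip()))
    return pairs

def map_profile(body, entries):
    """Apply the mapper to a profile response body.

    Returns (mapped, problems): mapped is {local_attr: value}; problems lists
    reasons why the lookup key for the identity repository could not be built.
    """
    try:
        profile = json.loads(body)
    except json.JSONDecodeError:
        # Typical when the profile endpoint answers with a login or error page.
        return {}, ["profile response is not JSON (login page or error page?)"]
    if not isinstance(profile, dict):
        return {}, ["profile response is not a JSON object"]
    mapped, problems = {}, []
    for remote, local in parse_mapper(entries):
        value = profile.get(remote)
        if isinstance(value, str) and value.strip():
            mapped[local] = value.strip()
        else:
            problems.append(f"'{remote}' missing or empty, cannot set '{local}'")
    return mapped, problems

# Constructed sample responses, not captured from the thread.
GOOD = '{"email": "user@example.com", "username": "user"}'
NO_EMAIL = '{"username": "user"}'
HTML = "<html><body>Please log in</body></html>"

if __name__ == "__main__":
    for name, body in [("good", GOOD), ("no email", NO_EMAIL), ("html", HTML)]:
        print(name, map_profile(body, ["email=mail"]))
```

    An empty result for "mail" means there is nothing to match against the Alias Search attribute, so neither lookup nor dynamic profile creation has a usable key.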


    @vincent-mirzaiansolucom-fr the user does not exist in the OpenAM repository. But I have enabled “Create account if it does not exist” in module settings.

    Also, I tried the two processes you told me and it’s still not working.


    After successful login from my app, OpenAM redirects to /OAuth2Proxy.jsp which redirects to with the following parameters:
    "authId": "eyAidHlwIjogIkpXVCIsICJhbGciOiAiSFMyNTYiIH0.eyAiYXV0aEluZGV4VmFsdWUiO",
    "authIndexType": "module",
    "authIndexValue": "django-auth",
    "code": "VOZhiY6jmtJu998VjKvrDJiA4qPwHD",
    "realm": "/",
    "sessionUpgradeSSOTokenId": "AQIC5wM2LY4SfczjQdDzQUo21Ima..*"
    And in the response I get {"code":500,"reason":"Internal Server Error","message":"Authentication Error!!"}

    Also, iPlanetDirectoryPro is not set in cookies but JSessionId and NTID are set in the cookie.


    Based on the source of, you also should have a cookie named ORIG_URL. What are the parameters passed to /OAuth2Proxy.jsp?

    If not already done, set your debug level to Message and look into the “Authentication” debug file.



    Hi Manasvi,

    I am getting the same error. Could you please let me know how you fixed the issue?

    OpenAM version is: 13.5.2


©2022 ForgeRock