OpenID login_hint

Hi,
I’m trying to set up ForgeRock-AM and use OAuth2 Provider service. I’m passing login_hint on the authorization URL but it seems to have no effect on the login page (username not populated). My authentication modules are on default settings (uses uid for searching users) and I’m passing an existing username as my login_hint.

Is login_hint working in AM 7.2? Appreciate any pointers or setup guide to make login_hints work.
Thank you,
Ryan Solomon

My ForgeRock AM version is 7.2

Related guide docs I’ve come across so far are:
/docs/am/7.2/oauth2-guide/oauth2-authorize-endpoint.html
/docs/am/7.2/oidc1-guide/oidc-mobile-connect.html
AM 7.0 known issue

Hi rsolomon,

If the login_hint value is found, AM will set a cookie “oidcLoginHint”, which will be available to the Authenticate call.
You can retrieve this value from an AM node, e.g. (Groovy Scripted Decision Node):

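// Scripted Decision Node (Groovy): copy the oidcLoginHint cookie into shared state
def headerName = "Cookie";
def cookies = requestHeaders.get(headerName);  // Cookie header values, may be null
def username = "anonymous";

for (def header in (cookies ?: [])) {
  // One Cookie header can carry several "name=value" pairs separated by ";"
  for (def pair in header.split(";")) {
    def cookie = pair.trim();
    if (cookie.startsWith("oidcLoginHint=")) {
      // Keep everything after the first "=", since the value may contain "=" itself
      username = cookie.substring("oidcLoginHint=".length());
    }
  }
}

sharedState.put("username", username);
outcome = "true";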

Therefore you should check if the cookie is set when the Authenticate call is prompted after the Authorize call.

1 Like
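The login_hint arrives on the authorization URL, so the oidcLoginHint cookie holds caller-supplied input and is only a suggestion for pre-filling the username, never proof of identity. The following added example (not part of the original posts and not ForgeRock code) shows the cookie lookup with an exact name match and a format check before the value is used; the function names, the `HINT_PATTERN` rule and the sample headers are assumptions for illustration.

```javascript
// Added example: defensive extraction of the oidcLoginHint cookie.
// HINT_PATTERN and both function names are hypothetical, not AM APIs.
const HINT_COOKIE = "oidcLoginHint";
// Assumed uid format (letters, digits, . _ @ -, max 64 chars); adjust to your directory.
const HINT_PATTERN = /^[A-Za-z0-9._@-]{1,64}$/;

// cookieHeaders: array of raw Cookie header strings, i.e. the values a node
// gets from requestHeaders.get("Cookie"). Returns the hint, or null when the
// cookie is absent or its value fails the format check.
function extractLoginHint(cookieHeaders) {
  let hint = null;
  for (const header of cookieHeaders || []) {
    for (const pair of String(header).split(";")) {
      const eq = pair.indexOf("=");
      if (eq < 0) continue;                    // not a name=value pair
      const name = pair.slice(0, eq).trim();
      if (name !== HINT_COOKIE) continue;      // exact name, not a substring match
      const value = pair.slice(eq + 1).trim(); // value may itself contain "="
      if (hint === null) hint = value;         // first occurrence wins
    }
  }
  return hint !== null && HINT_PATTERN.test(hint) ? hint : null;
}

// What a node would store in shared state: the checked hint, or the fallback
// so the login page collects the username itself.
function usernameForSharedState(cookieHeaders, fallback) {
  const hint = extractLoginHint(cookieHeaders);
  return hint === null ? fallback : hint;
}

// Constructed sample headers (not captured from a real AM deployment).
const SAMPLE_HEADERS = ["amlbcookie=01; oidcLoginHint=demo.user; theme=dark"];
console.log(usernameForSharedState(SAMPLE_HEADERS, "anonymous"));
```

A value that fails the check is dropped instead of being written to shared state, so a crafted login_hint cannot place unexpected characters into the username used for the user search.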