OpenAM and Spring Boot 3 Integration via OIDC OAuth2 Protocol

There are several ways to integrate a Spring application with OpenAM. In this tutorial, we will integrate a Spring application with OpenAM using the OIDC/OAuth2 protocol.

OpenAM Configuration

If you have not installed OpenAM yet, you could run OpenAM as a Docker image. Let’s assume the OpenAM instance URL is

Open the OpenAM console in a browser and go to the target realm. In the Common Tasks section, create an OAuth2 Provider: press the Configure OAuth Provider button, and then the Configure OpenID Connect button.

Realm Common Tasks

Realm Setup OIDC

Adjust the required settings and press the Create button.

OIDC configuration

Go back to the realm and, in the realm’s dashboard, select Applications → OAuth 2.0 in the right menu.

Realm OAuth2 Applications

Create a new Agent, set its name (client id) and password (client secret), and press the Next button. Go to the newly created agent and set the following settings

Spring Boot Application

Create a new Spring Boot application and add the following Maven dependencies.

<!--security dependencies-->

Create a controller with two endpoints: index and protected-oauth. The index endpoint will be accessible to anyone, and the protected-oauth endpoint will be accessible to users authenticated with OpenAM via the OIDC protocol.

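import java.security.Principal;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;

@Controller
public class SampleController {
    @GetMapping("/")
    public String index() {
        return "index";
    }
    @GetMapping("/protected-oauth")
    public String oauthProtected(HttpServletRequest request, Model model) {
        Principal token = request.getUserPrincipal();
        model.addAttribute("userName", token.getName());
        model.addAttribute("method", "OAuth2/OIDC");
        return "protected";
    }
}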

Create the following templates for controllers:


<!DOCTYPE html>
<html>
<body>
<h1>OpenAM Spring Security Integration</h1>
<h2>Test Authentication</h2>
<ul><li><a href="/protected-oauth">OAuth2/OIDC</a></li></ul>
</body>
</html>


<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<body>
<h1>Protected resource</h1>
<a href="/">Back</a>
<p><span th:text="${userName}"></span> user authenticated with <span th:text="${method}"></span></p>
</body>
</html>

Create Spring Security configuration

public class SecurityConfiguration {
    public SecurityFilterChain securityWebFilterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests((authorize) -> authorize.requestMatchers("/", "/oauth2/**")
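
The listing above is cut off on this page after the first matcher. The following complete configuration is an added example, not the original tutorial's code; the `permitAll()` / `authenticated()` rules and the default `oauth2Login` setup are assumptions derived from the endpoint description (public index, authenticated protected-oauth):

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration {

    @Bean
    public SecurityFilterChain securityWebFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests((authorize) -> authorize
                // Public: the index page and Spring Security's login-initiation
                // endpoints (/oauth2/authorization/{registrationId}).
                .requestMatchers("/", "/oauth2/**").permitAll()
                // Default-deny: every other path, including /protected-oauth and
                // any endpoint added later, requires an authenticated user.
                .anyRequest().authenticated())
            // Unauthenticated requests to protected paths start the
            // authorization_code flow against the provider configured
            // in application.yml (OpenAM in this tutorial).
            .oauth2Login(Customizer.withDefaults());
        return http.build();
    }
}
```

Keeping `anyRequest().authenticated()` as the last rule means a newly added controller method is protected unless it is explicitly listed under `permitAll()`.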

Add the following settings to the application.yml file:

  port: 8081
            authorization-grant-type: authorization_code
            client-id: test_client
            client-secret: changeme
              - openid
              - profile
            user-name-attribute: sub

Test the Solution

Log out from OpenAM if you are logged in.

Run the Spring application and open its URL in a browser: http://localhost:8081

Spring Boot App Index

Click on the OAuth2/OIDC navigation link, and you will be redirected to the OpenAM authentication page.

OpenAM Authentication

Enter the user’s login and password and then press the LOG IN button.

OpenAM Consent

After pressing the Allow button, you will be redirected to the Spring Security Application as an authenticated user.

Spring Boot App Authenticated