OpenAM
Open Identity Platformidentity4 credentials
OpenAM Administrator Password
openam / amadmin-password
OpenAM installation requires passwords for the default OpenAM administrator, amadmin, and default Policy Agent users. OpenAM documents logging in as the administrator with the password provided during setup.
Default credentials
amadmin:(set during configuration)Location
/openamOpenAM administration console and authentication endpoints
OpenAM configuration store or directory service containing admin and agent account data
OpenAM bootstrap/configuration files, install properties, and deployment scripts
container secrets, cloud secret managers, configuration vaults, and CI/CD variables
install automation, Docker Compose files, and committed configuration samples
installation logs and configuration wizard output
Notes
The default block records the built-in administrator username, not a static password. The password is operator-supplied during configuration.
Policy Agent Password
openam / policy-agent-password
OpenAM installation asks for a password for default Policy Agent users. Policy agents use configured credentials to authenticate to OpenAM for policy enforcement and agent profile operations.
Location
policy agent profiles, agent bootstrap properties, and container deployment config
OpenAM configuration store entries for agent profiles and credentials
agent installation password files, vault entries, and Kubernetes Secrets
committed agent configs and install scripts
policy agent installation and connection troubleshooting logs
Notes
Agent credentials can permit policy agent impersonation or unauthorized access to protected resource configuration.
OAuth/OIDC Client Secret
openam / oauth-client-secret
OpenAM supports OAuth2 and OIDC applications and authentication modules. Client integrations commonly use client IDs and client secrets issued or configured in OpenAM realms.
Location
OpenAM configuration store holding OAuth2/OIDC client profiles
application config, realm exports, .env files, and deployment manifests
OPENAM_CLIENT_ID, OPENAM_CLIENT_SECRETapplication secret stores, CI/CD variables, and cloud secret managers
OAuth examples, tests, and accidentally committed app config
token exchange traces and authentication debugging output
Notes
Client secret exposure can allow impersonation of the relying party in OAuth/OIDC token exchange flows.
Directory Store Bind Password
openam / directory-bind-password
OpenAM custom configuration can connect to an LDAP directory service. OpenAM installation docs include Login ID and Password for the directory administrator user used to update schema and user data.
Location
OpenAM install properties and directory-service connection configuration
LDAP bind password vault entries and deployment secrets
install automation and committed configuration files
installer logs and LDAP connection troubleshooting output
Notes
Directory administrator credentials may grant broad read/write access to identity data, schema, and user credentials.
Scope
Authorized use
LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.