backport of commit 5b8ebf6 (#15324)

Co-authored-by: TylerGelinas <94064355+TylerGelinas@users.noreply.github.com>
Co-authored-by: Heather Simon <84740964+hsimon-hashicorp@users.noreply.github.com>

website/content/docs/auth/jwt/oidc_providers.mdx

@@ -143,6 +143,43 @@ is required so that Vault can fetch the groups properly.
 1. If you see Vault errors involving signature, check the application's Advanced > OAuth settings
    and verify that signing algorithm is "RS256".
 
+## ForgeRock
+
+1. Navigate to Applications -> OAuth 2.0 -> Clients in ForgeRock Access Management.
+1. Create new client.
+1. Configure Client ID, Client Secret, Scopes and Redirection URIs.
+   - `client ID`
+   - `client secret`
+   - `allowed_redirect_uris` should be the two redirect URIs for Vault CLI and UI access.
+   - `oidc_scopes` should be set to the OIDC scopes.
+1. Save Client ID and Client Secret.
+
+### Configuration
+
+1. In Vault, enable the OIDC auth method.
+
+1. Configure the OIDC auth method with the `oidc_client_id` (client ID), `oidc_client_secret`
+   (client secret), and `oidc_discovery_url` (endpoint URL) from ForgeRock.
+   ```shell
+   vault write auth/oidc/config \
+      oidc_client_id="your_client_id" \
+      oidc_client_secret="your_client_secret" \
+      default_role="your_default_role" \
+      oidc_discovery_url="https://openam.example.com:8443/openam/oauth2"
+   ```
+
+1. Configure the [OIDC Role](/api-docs/auth/jwt) with the following:
+   - `user_claim` should be `"sub"`.
+   - `allowed_redirect_uris` should be the two redirect URIs for Vault CLI and UI access.
+   - `oidc_scopes` should be set to the OIDC scopes.
+   ```shell
+   vault write auth/oidc/role/your_default_role \
+      user_claim="sub" \
+      allowed_redirect_uris="http://localhost:8250/oidc/callback,https://online_version_hostname:port_number/ui/vault/auth/oidc/oidc/callback"  \
+      oidc_scopes="your_oidc_scopes" \
+      policies=default
+   ```
+
 ## Gitlab
 
 1. Visit Settings > Applications.