diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
index e86d23f38..edf1137c2 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
@@ -90,15 +90,15 @@ public class ClientDetailsEntity implements ClientDetails {
 	private String sectorIdentifierUri; // sector_identifier_uri
 	private SubjectType subjectType; // subject_type
 
-	private JWSAlgorithmEmbed requestObjectSigningAlg = JWSAlgorithmEmbed.NONE; // request_object_signing_alg
+	private JWSAlgorithmEmbed requestObjectSigningAlg = null; // request_object_signing_alg
 
-	private JWSAlgorithmEmbed userInfoSignedResponseAlg = JWSAlgorithmEmbed.NONE; // user_info_signed_response_alg
-	private JWEAlgorithmEmbed userInfoEncryptedResponseAlg = JWEAlgorithmEmbed.NONE; // user_info_encrypted_response_alg
-	private JWEEncryptionMethodEmbed userInfoEncryptedResponseEnc = JWEEncryptionMethodEmbed.NONE; // user_info_encrypted_response_enc
+	private JWSAlgorithmEmbed userInfoSignedResponseAlg = null; // user_info_signed_response_alg
+	private JWEAlgorithmEmbed userInfoEncryptedResponseAlg = null; // user_info_encrypted_response_alg
+	private JWEEncryptionMethodEmbed userInfoEncryptedResponseEnc = null; // user_info_encrypted_response_enc
 
-	private JWSAlgorithmEmbed idTokenSignedResponseAlg = JWSAlgorithmEmbed.NONE; // id_token_signed_response_alg
-	private JWEAlgorithmEmbed idTokenEncryptedResponseAlg = JWEAlgorithmEmbed.NONE; // id_token_encrypted_response_alg
-	private JWEEncryptionMethodEmbed idTokenEncryptedResponseEnc = JWEEncryptionMethodEmbed.NONE; // id_token_encrypted_response_enc
+	private JWSAlgorithmEmbed idTokenSignedResponseAlg = null; // id_token_signed_response_alg
+	private JWEAlgorithmEmbed idTokenEncryptedResponseAlg = null; // id_token_encrypted_response_alg
+	private JWEEncryptionMethodEmbed idTokenEncryptedResponseEnc = null; // id_token_encrypted_response_enc
 
 	private Integer defaultMaxAge; // default_max_age
 	private Boolean requireAuthTime; // require_auth_time
diff --git a/openid-connect-server/src/main/webapp/resources/js/client.js b/openid-connect-server/src/main/webapp/resources/js/client.js
index 282c7b087..ca9ee7cf2 100644
--- a/openid-connect-server/src/main/webapp/resources/js/client.js
+++ b/openid-connect-server/src/main/webapp/resources/js/client.js
@@ -370,6 +370,15 @@ var ClientFormView = Backbone.View.extend({
         if (value == "") return null;
         else return value;
     },
+    
+    // returns "null" if given the value "default" as a string, otherwise returns input value. useful for parsing the JOSE algorithm dropdowns
+    defaultToNull:function(value) {
+    	if (value == 'default') {
+    		return null;
+    	} else {
+    		return value;
+    	}
+    },
 
     // maps from a form-friendly name to the real grant parameter name
     grantMap:{
@@ -484,13 +493,13 @@ var ClientFormView = Backbone.View.extend({
             contacts: this.contactsCollection.pluck('item'),
             requestUris: this.requestUrisCollection.pluck('item'),
             defaultAcrValues: this.defaultAcrValuesCollection.pluck('item'),
-            requestObjectSigningAlg: $('#requestObjectSigningAlg select').val(),
-            userInfoSignedResponseAlg: $('#userInfoSignedResponseAlg select').val(),
-            userInfoEncryptedResponseAlg: $('#userInfoEncryptedResponseAlg select').val(),
-            userInfoEncryptedResponseEnc: $('#userInfoEncryptedResponseEnc select').val(),
-            idTokenSignedResponseAlg: $('#idTokenSignedResponseAlg select').val(),
-            idTokenEncryptedResponseAlg: $('#idTokenEncryptedResponseAlg select').val(),
-            idTokenEncryptedResponseEnc: $('#idTokenEncryptedResponseEnc select').val()
+            requestObjectSigningAlg: this.defaultToNull($('#requestObjectSigningAlg select').val()),
+            userInfoSignedResponseAlg: this.defaultToNull($('#userInfoSignedResponseAlg select').val()),
+            userInfoEncryptedResponseAlg: this.defaultToNull($('#userInfoEncryptedResponseAlg select').val()),
+            userInfoEncryptedResponseEnc: this.defaultToNull($('#userInfoEncryptedResponseEnc select').val()),
+            idTokenSignedResponseAlg: this.defaultToNull($('#idTokenSignedResponseAlg select').val()),
+            idTokenEncryptedResponseAlg: this.defaultToNull($('#idTokenEncryptedResponseAlg select').val()),
+            idTokenEncryptedResponseEnc: this.defaultToNull($('#idTokenEncryptedResponseEnc select').val())
         };
 
         // post-validate
diff --git a/openid-connect-server/src/main/webapp/resources/template/client.html b/openid-connect-server/src/main/webapp/resources/template/client.html
index 43e9e2479..e96b8136e 100644
--- a/openid-connect-server/src/main/webapp/resources/template/client.html
+++ b/openid-connect-server/src/main/webapp/resources/template/client.html
@@ -420,6 +420,7 @@
                 <div class="controls">
 					<select>
 						<!-- TODO: this should be filled out by the server, perhaps? -->
+						<option value="default" <%=requestObjectSigningAlg == null ? 'selected ' : ''%>>Use server default</option>
 						<option value="none" <%=requestObjectSigningAlg == "none" ? 'selected' : ''%>>No digital signature</option>
 						<option value="HS256" <%=requestObjectSigningAlg == "HS256" ? 'selected' : ''%>>HMAC using SHA-256 hash algorithm</option>
 						<option value="HS384" <%=requestObjectSigningAlg == "HS384" ? 'selected' : ''%>>HMAC using SHA-384 hash algorithm</option>
@@ -439,6 +440,7 @@
                 <div class="controls">
 					<select>
 						<!-- TODO: this should be filled out by the server, perhaps? -->
+						<option value="default" <%=userInfoSignedResponseAlg == null ? 'selected ' : ''%>>Use server default</option>
 						<option value="none" <%=userInfoSignedResponseAlg == "none" ? 'selected' : ''%>>No digital signature</option>
 						<option value="HS256" <%=userInfoSignedResponseAlg == "HS256" ? 'selected' : ''%>>HMAC using SHA-256 hash algorithm</option>
 						<option value="HS384" <%=userInfoSignedResponseAlg == "HS384" ? 'selected' : ''%>>HMAC using SHA-384 hash algorithm</option>
@@ -458,6 +460,7 @@
                 <div class="controls">
 					<select>
 						<!-- TODO: this should be filled out by the server, perhaps? -->
+						<option value="default" <%=userInfoEncryptedResponseAlg == null ? 'selected ' : ''%>>Use server default</option>
 						<option value="none" <%=userInfoEncryptedResponseAlg == "none" ? 'selected' : ''%>>No encryption</option>
 						<option value="RSA1_5" <%=userInfoEncryptedResponseAlg == "RSA1_5" ? 'selected' : ''%>>RSAES-PKCS1-V1_5</option>
 						<option value="RSA-OAEP" <%=userInfoEncryptedResponseAlg == "RSA-OAEP" ? 'selected' : ''%>>RSAES using Optimal Asymmetric Encryption Padding (OAEP)</option>
@@ -476,6 +479,7 @@
                 <div class="controls">
 					<select>
 						<!-- TODO: this should be filled out by the server, perhaps? -->
+						<option value="default" <%=userInfoEncryptedResponseEnc == null ? 'selected ' : ''%>>Use server default</option>
 						<option value="none" <%=userInfoEncryptedResponseEnc == "none" ? 'selected' : ''%>>No encryption</option>
 						<option value="A128CBC+HS256" <%=userInfoEncryptedResponseEnc == "A128CBC+HS256" ? 'selected' : ''%>>Composite Authenticated Encryption algorithm using AES in Cipher Block Chaining (CBC) mode with PKCS #5 padding with an integrity calculation using HMAC SHA-256, using a 256 bit CMK (and 128 bit CEK)</option>
 						<option value="A256CBC+HS512" <%=userInfoEncryptedResponseEnc == "A256CBC+HS512" ? 'selected' : ''%>>Composite Authenticated Encryption algorithm using AES in CBC mode with PKCS #5 padding with an integrity calculation using HMAC SHA-512, using a 512 bit CMK (and 256 bit CEK)</option>
@@ -490,6 +494,7 @@
                 <div class="controls">
 					<select>
 						<!-- TODO: this should be filled out by the server, perhaps? -->
+						<option value="default" <%=idTokenSignedResponseAlg == null ? 'selected ' : ''%>>Use server default</option>
 						<option value="none" <%=idTokenSignedResponseAlg == "none" ? 'selected' : ''%>>No digital signature</option>
 						<option value="HS256" <%=idTokenSignedResponseAlg == "HS256" ? 'selected' : ''%>>HMAC using SHA-256 hash algorithm</option>
 						<option value="HS384" <%=idTokenSignedResponseAlg == "HS384" ? 'selected' : ''%>>HMAC using SHA-384 hash algorithm</option>
@@ -509,6 +514,7 @@
                 <div class="controls">
 					<select>
 						<!-- TODO: this should be filled out by the server, perhaps? -->
+						<option value="default" <%=idTokenEncryptedResponseAlg == null ? 'selected ' : ''%>>Use server default</option>
 						<option value="none" <%=idTokenEncryptedResponseAlg == "none" ? 'selected' : ''%>>No encryption</option>
 						<option value="RSA1_5" <%=idTokenEncryptedResponseAlg == "RSA1_5" ? 'selected' : ''%>>RSAES-PKCS1-V1_5</option>
 						<option value="RSA-OAEP" <%=idTokenEncryptedResponseAlg == "RSA-OAEP" ? 'selected' : ''%>>RSAES using Optimal Asymmetric Encryption Padding (OAEP)</option>
@@ -527,6 +533,7 @@
                 <div class="controls">
 					<select>
 						<!-- TODO: this should be filled out by the server, perhaps? -->
+						<option value="default" <%=idTokenEncryptedResponseEnc == null ? 'selected ' : ''%>>Use server default</option>
 						<option value="none" <%=idTokenEncryptedResponseEnc == "none" ? 'selected' : ''%>>No encryption</option>
 						<option value="A128CBC+HS256" <%=idTokenEncryptedResponseEnc == "A128CBC+HS256" ? 'selected' : ''%>>Composite Authenticated Encryption algorithm using AES in Cipher Block Chaining (CBC) mode with PKCS #5 padding with an integrity calculation using HMAC SHA-256, using a 256 bit CMK (and 128 bit CEK)</option>
 						<option value="A256CBC+HS512" <%=idTokenEncryptedResponseEnc == "A256CBC+HS512" ? 'selected' : ''%>>Composite Authenticated Encryption algorithm using AES in CBC mode with PKCS #5 padding with an integrity calculation using HMAC SHA-512, using a 512 bit CMK (and 256 bit CEK)</option>