How to build SSO with OIDC (OpenID Connect)

Hi,

Though SAML is still widely used, OIDC (OpenID Connect) is rapidly growing in popularity, and more and more Pega customers are adopting OIDC for single sign-on. In this post I will share how to build OIDC SSO using Okta, Keycloak and Google as the OP (OpenID Provider). The attached tutorials cover the following contents.

1. Okta (Cloud)

  1. Set up Okta
    1-1. Create an application
    1-2. Add person
  2. Configure Pega Platform
  3. Mapping claims
    3-1. JWT (ID Token)
    3-2. UserInfo

2. Keycloak (On-Premise)

  1. Set up Keycloak
    1-1. Install JDK
    1-2. Install Keycloak
    1-3. Create an admin user
    1-4. Create a realm
    1-5. Create a user
    1-6. Set up clients
  2. Configure Pega Platform
  3. Mapping claims
    3-1. Keycloak out-of-the-box attributes
    3-2. Custom attributes

3. Google (Cloud)

  1. Set up Google
    1-1. Create a project
    1-2. Configure OAuth consent screen
    1-3. Create OAuth client
  2. Configure Pega Platform
  3. Network consideration
    3-1. Pega Cloud
    3-2. Registering domain for your local PC
  4. Mapping claims

Hope this helps.

Thanks,

HowToBuildOpenIDConnectSSOWithOkta.xlsx (5.11 MB)

HowToBuildOpenIDConnectSSOWithKeyCloak.xlsx (5.63 MB)

HowToBuildOpenIDConnectSSOWithGoogle.xlsx (3.64 MB)

@KenshoTsuchihashi Thank you

@KenshoTsuchihashi How do we send the code challenge for OpenID? We are getting the below error message without code:

“Unable to execute OIDC flow : FBTOAU202E The required parameter: [code_challenge] was not found in the request.”

Unable to execute OIDC flow : The required parameter: [code_challenge] was not found in the request. | Support Center (pega.com)
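The error quoted in the comment above is the OP rejecting an authorization request that carries no code_challenge, i.e. the OP requires PKCE (RFC 7636). The following is an added example, not from the post, the comment, or Pega Platform; it shows what a PKCE-capable client adds to the authorization request and what the OP checks at the token endpoint. The StrictOP class is a constructed stand-in for an OP that mandates PKCE, and the endpoint, client ID and redirect URI are assumptions.

```python
"""PKCE (RFC 7636) for the OIDC authorization code flow.

Added example, not from the post. Client side: derive code_challenge from a
fresh code_verifier and send it on the authorization request. OP side: store
the challenge with the code and verify the verifier at the token endpoint.
"""
import base64
import hashlib
import hmac
import secrets
import urllib.parse


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_verifier(n_bytes: int = 32) -> str:
    """RFC 7636 4.1: 43..128 chars of [A-Za-z0-9-._~]. 32 random bytes -> 43 chars."""
    return b64url(secrets.token_bytes(n_bytes))


def make_challenge(verifier: str) -> str:
    """S256 method: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorization_url(authz_endpoint: str, client_id: str, redirect_uri: str,
                            state: str, nonce: str, code_challenge: str) -> str:
    """Authorization request for the code flow with PKCE and an OIDC nonce."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid profile email",
        "state": state,                      # CSRF protection for the redirect
        "nonce": nonce,                      # bound into the ID token
        "code_challenge": code_challenge,    # the parameter the OP complained about
        "code_challenge_method": "S256",
    }
    return authz_endpoint + "?" + urllib.parse.urlencode(params)


class StrictOP:
    """Constructed OP that mandates PKCE with S256 (stand-in, not a real product)."""

    def __init__(self) -> None:
        self._codes: dict[str, str] = {}

    def authorize(self, query: str) -> str:
        q = dict(urllib.parse.parse_qsl(query))
        if "code_challenge" not in q:
            raise ValueError("The required parameter: [code_challenge] was not found in the request.")
        if q.get("code_challenge_method", "plain") != "S256":
            raise ValueError("only code_challenge_method=S256 is accepted")
        code = secrets.token_urlsafe(16)
        self._codes[code] = q["code_challenge"]  # challenge travels with the code
        return code

    def token(self, code: str, code_verifier: str) -> dict:
        challenge = self._codes.pop(code, None)  # codes are single use
        if challenge is None:
            raise ValueError("invalid_grant: unknown or already used code")
        if not hmac.compare_digest(make_challenge(code_verifier), challenge):
            raise ValueError("invalid_grant: code_verifier does not match code_challenge")
        return {"granted": True, "token_type": "Bearer"}


def run_flow(op: StrictOP) -> dict:
    """Full client/OP exchange on constructed values; returns the token response."""
    verifier = make_verifier()
    url = build_authorization_url("https://op.example.com/authorize", "pega-client",
                                  "https://pega.example.com/prweb/PRRestService/oauth2/v1/callback",
                                  state=secrets.token_urlsafe(8), nonce=secrets.token_urlsafe(8),
                                  code_challenge=make_challenge(verifier))
    code = op.authorize(url.split("?", 1)[1])    # user authenticates, code comes back on redirect
    return op.token(code, verifier)              # verifier is sent only now, over the back channel


if __name__ == "__main__":
    print(run_flow(StrictOP()))
```

The verifier never appears in the front-channel redirect, only its SHA-256 digest does, so an attacker who intercepts the authorization code cannot redeem it. If the client integration cannot be made to send code_challenge, the choice is between enabling PKCE on the client side and relaxing the requirement on the OP for that client; the former is the safer option.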