Configuring the identity provider for an OpenID Connect SSO authentication service – Advanced Configuration
Version:
You can fine-tune the interaction of Pega Platform and your OpenID Connect authentication provider by supplying additional parameters.
-
Open the service from the navigation panel in Dev Studio by clicking and choosing a service from the instance list.
-
On the OpenID Connect tab, expand the Advanced configurations section.
-
In the Client authentication scheme section, select the authentication scheme.
- Basic
- POST
-
In the Send access token as section, select how to send the access token:
- Authorization header
- Query string parameter
-
In the Secure protocol configuration section, complete the following fields:
-
In the Lowest allowable SSL/TLS version field, select the lowest allowable SSL or TLS version for communicating with your identity provider.
-
In the Truststore field, press the Down Arrow and select the truststore record that is used for secure access.
-
In the Keystore field, press the Down Arrow and select the keystore record that is used for secure access.
-
-
Click Save.
- Authentication services
To override or extend the default authentication process, create and configure an authentication service.
- More about authentication services
This page describes additional topics relevant to authentication services that are not directly referenced on the rule form.
- Configuring an OpenID Connect SSO authentication service
After you create an OpenID Connect SSO authentication service, configure it so that Pega Platform uses the specified identity provider for authenticating users. You can map claims from the OpenID Connect provider to properties in Pega Platform, and configure optional features such as preauthentication and postauthentication activities and operator provisioning.