Configure OpenID Connect (OIDC) token provider settings in PingAccess.
- Click Settings and then go to System > Token Provider > Common > OpenID Connect.
- In the Issuer field, enter the OIDC provider’s issuer identifier.
- In the Description field, enter a description for the token provider.
- Select the Audit check box to record requests to OIDC provider to the audit store.
-
From the Trusted Certificate Group list, select the
group of certificates to use when authenticating to OIDC provider.
PingAccess requires that the certificate in use by OIDC provider anchor to a certificate in the associated Trusted Certificate Group.
- If required, click + Add Query Parameter and enter custom query parameter name and value pairs used by the OIDC provider.
-
To configure advanced settings, click Show
Advanced.
-
To use a configured proxy, select the Use Proxy
check box.
Note:
If the node is not configured with a proxy, requests are made directly to the token provider. See Adding proxies for more information about creating proxies.
-
Select Use Single-Logout to enable single logout
(SLO) when the /pa/oidc/logout/ endpoint is
accessed to clear the cookie containing the PingAccess token. If this
option is selected, PingAccess sends a logout request to the token
provider, which completes a full SLO flow.
To use this feature, single logout (SLO) must be configured on the OIDC provider.
- Select Request Supported Scopes Only to limit the requested scopes to those advertised in the OIDC metadata.
-
To use a configured proxy, select the Use Proxy
check box.
- Click Save.
Once you have successfully configured the token provider, click View Metadata to display the metadata provided by the token provider. To update the metadata, click View Metadata > Refresh Metadata.