This example departs from the previous example by specifying the OIDC provider’s base URL, rather than a host name and port. This can be useful if the OIDC provider’s autodiscovery and authorization endpoints include an arbitrary prefix, such as a customer-specific environment identifier.

$ bin/setup oidc \
  --oidcBaseUrl https://auth.example.com/9595f417-a117-3f24-a255-5736ab01f543/auth/ \
  --clientId 7cb9f2c9-c366-57e0-9560-db2132b2d813 \
  --generateSelfSignedCertificate \
  --decisionPointSharedSecret pingauthorize \
  --hostname <pap-hostname> \
  --port <pap-port> \
  --adminPort <admin-port> \
  --licenseKeyFile <path-to-license>

The Policy Editor uses the provided OIDC base URL to query the OIDC provider’s autodiscovery endpoint for the information it needs to make OIDC requests. The provided client ID represents the Policy Editor and must be configured in the OIDC provider as well. For more information about configuring an OIDC provider, see Configuring an Authentication Server for OpenID Connect single sign-on.
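The following pre-flight check is an added example, not part of the product or its documentation. It assumes the autodiscovery endpoint follows OpenID Connect Discovery 1.0, that is, the base URL with its prefix followed by `.well-known/openid-configuration`, and it validates a discovery document against the base URL passed to `--oidcBaseUrl`. The function names and both sample documents are constructed for illustration.

```python
import json

WELL_KNOWN = ".well-known/openid-configuration"
# Base URL from the setup command above.
BASE_URL = "https://auth.example.com/9595f417-a117-3f24-a255-5736ab01f543/auth/"

def discovery_url(base_url):
    """Keep the path prefix and append the OIDC Discovery 1.0 well-known path."""
    return base_url.rstrip("/") + "/" + WELL_KNOWN

def check_discovery(base_url, document):
    """Return a list of problems in a discovery document retrieved for base_url."""
    problems = []
    # Discovery 1.0 requires the issuer to match the URL the document was
    # fetched under; a trailing slash is tolerated here (a leniency of this example).
    issuer = document.get("issuer", "")
    if issuer.rstrip("/") != base_url.rstrip("/"):
        problems.append(f"issuer {issuer!r} does not match the base URL")
    for key in ("authorization_endpoint", "jwks_uri"):
        value = document.get(key)
        if not value:
            problems.append(f"missing {key}")
        elif not value.startswith("https://"):
            problems.append(f"{key} is not an https URL")
    return problems

# Constructed sample documents (not output from a real provider).
GOOD_DOC = json.loads("""{
  "issuer": "https://auth.example.com/9595f417-a117-3f24-a255-5736ab01f543/auth",
  "authorization_endpoint": "https://auth.example.com/9595f417-a117-3f24-a255-5736ab01f543/auth/authorize",
  "jwks_uri": "https://auth.example.com/9595f417-a117-3f24-a255-5736ab01f543/auth/jwks"
}""")
# Prefix dropped from the issuer, plain-http endpoint, no signing keys published.
BAD_DOC = json.loads("""{
  "issuer": "https://auth.example.com/auth",
  "authorization_endpoint": "http://auth.example.com/auth/authorize"
}""")

if __name__ == "__main__":
    print("discovery URL:", discovery_url(BASE_URL))
    for name, doc in (("good", GOOD_DOC), ("bad", BAD_DOC)):
        print(name, check_discovery(BASE_URL, doc) or "OK")
```

In practice the document passed to `check_discovery` is the JSON retrieved from the URL that `discovery_url` returns. An issuer mismatch usually means the base URL points at a different environment than the one the client ID is registered in.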