This example departs from the previous example by specifying the OIDC provider’s base URL, rather than a host name and port. This can be useful if the OIDC provider’s autodiscovery and authorization endpoints include an arbitrary prefix, such as a customer-specific environment identifier.

$ bin/setup oidc \
  --oidcBaseUrl \
  --clientId 7cb9f2c9-c366-57e0-9560-db2132b2d813 \
  --generateSelfSignedCertificate \
  --decisionPointSharedSecret pingauthorize \
  --hostname <pap-hostname> \
  --port <pap-port> \
  --adminPort <admin-port> \
  --licenseKeyFile <path-to-license>

The Policy Editor uses the provided OIDC base URL to query the OIDC provider’s autodiscovery endpoint for the information it needs to make OIDC requests. The provided client ID represents the Policy Editor and must be configured in the OIDC provider as well. For more information about configuring an OIDC provider, see Configuring an Authentication Server for OpenID Connect single sign-on.