Set up PingFederate IdP for OAuth/OIDC
Configure SSO with PingFederate as IdP
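PingFederate Configuration
The sample below sets `vendor` to `ping_jwt` and `id` to `PingFederateJWT-Demo`, exactly as the JSON Web Token sample later on this page does, so the two listings are identical. The `clientSecret` value is masked; replace `********` with the client secret issued by PingFederate, and keep the populated file out of version control.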
{
"id": "PingFederateJWT-Demo",
"tenants": [
"tenant04"
],
"description": "Customer with PingFederate with JSON Web Token used as authorization server",
"passwordPolicy": {
},
"externalProviderConfig": {
"vendor": "ping_jwt",
"loginEndpoint": "https://pingstage.customer.com/as/authorization.oauth2",
"tokenEndpoint": "https://pingstage.customer.com/as/token.oauth2",
"userInfoEndpoint": "https://pingstage.customer.com/idp/userinfo.openid",
"revokeEndpoint": "https://pingstage.customer.com/as/revoke_token.oauth2",
"callbackEndpoint": "https://auth-cust.reltio.com/oauth/callback",
"clientId": "reltio",
"clientSecret": "********",
"scope": "profile email",
"userIdMapping": "sub",
"defaultNewUserRoleList": [
"ROLE_USER",
"ROLE_API"
],
"userGroupsMapping": "groups",
"userGroupRegExp": "OU=([a-zA-Z0-9_]*).*?",
"defaultGroups": ["QA_Group","Dev_Group"]
}
}
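PingFederate with JSON Web Token Configuration
In this sample, `defaultNewUserRoleList` appears to assign `ROLE_USER` and `ROLE_API` to every user created through this provider, so list only the roles that every federated user should hold. The `userGroupRegExp` pattern `OU=([a-zA-Z0-9_]*).*?` is not anchored and its capture group can match an empty string; check it against the actual values of the `groups` claim before relying on it for group assignment. The `scope` value requests `profile email` without `openid`; confirm whether `openid` is added automatically, since `userIdMapping` reads the `sub` claim and the sample calls the `userinfo.openid` endpoint.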
{
"id":"PingFederateJWT-Demo",
"tenants": [
"tenant04"
],
"description": "Customer with PingFederate with JSON Web Token used as authorization server",
"passwordPolicy": {
},
"externalProviderConfig": {
"vendor": "ping_jwt",
"loginEndpoint": "https://pingstage.customer.com/as/authorization.oauth2",
"tokenEndpoint": "https://pingstage.customer.com/as/token.oauth2",
"userInfoEndpoint": "https://pingstage.customer.com/idp/userinfo.openid",
"revokeEndpoint": "https://pingstage.customer.com/as/revoke_token.oauth2",
"callbackEndpoint": "https://auth-cust.reltio.com/oauth/callback",
"clientId": "reltio",
"clientSecret": "********",
"scope": "profile email",
"userIdMapping": "sub",
"defaultNewUserRoleList": [
"ROLE_USER",
"ROLE_API"
],
"userGroupsMapping": "groups",
"userGroupRegExp": "OU=([a-zA-Z0-9_]*).*?",
"defaultGroups": ["QA_Group","Dev_Group"]
}
}