Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Johan Grall (JohanG54)
Societe Generale Corporate & Investment Banking

Societe Generale Corporate & Investment Banking
FR
JohanG54 Member since 2019 3 posts
Societe Generale Corporate & Investment Banking
Posted: Sep 3, 2020
Last activity: Sep 15, 2020
Posted: 3 Sep 2020 6:01 EDT
Last activity: 15 Sep 2020 3:38 EDT
Closed
Solved

Unable to use expression when map operator id from claim in OpenID authentication service

Hi,

 

I currently use Pega Platform 8.3.

we have implemented an OpenID Connect SSO authentication service.

My problem is about Operator identification with claim info (I don't use operator provisioning).

Currently, claim data "sesame_id" is used to find the operator and it works: Map sesame_id from claim into pyUserIdentifier

Example: my operator identifier in Pega is "johan.grall" and sesame_id from claim is "johan.grall". Mapping works and I'm log with operator "johan.grall".

 

There is a new behavior to manage claim data "sesame_id" which contains a '-' character. In this case, the corresponding operator id in Pega contains a '_' character instead of '-'.

Example: my operator identifier in Pega is "johan_grall" and sesame_id from claim is "johan-grall"

I try to use an expression when mapping operator id but it doesn't work: Map operatorID with data from claim with expression

When I connect, error massage "Unable to execute OIDC flow : Unable to derive operator from IDToken" is displayed. No error message in log, even if I set "debug level" for OIDC logger.

Show More

Hi,

 

I currently use Pega Platform 8.3.

we have implemented an OpenID Connect SSO authentication service.

My problem is about Operator identification with claim info (I don't use operator provisioning).

Currently, claim data "sesame_id" is used to find the operator and it works: Map sesame_id from claim into pyUserIdentifier

Example: my operator identifier in Pega is "johan.grall" and sesame_id from claim is "johan.grall". Mapping works and I'm log with operator "johan.grall".

 

There is a new behavior to manage claim data "sesame_id" which contains a '-' character. In this case, the corresponding operator id in Pega contains a '_' character instead of '-'.

Example: my operator identifier in Pega is "johan_grall" and sesame_id from claim is "johan-grall"

I try to use an expression when mapping operator id but it doesn't work: Map operatorID with data from claim with expression

When I connect, error massage "Unable to execute OIDC flow : Unable to derive operator from IDToken" is displayed. No error message in log, even if I set "debug level" for OIDC logger.

I have tested several thing but same issue:

  • {sesame_id} instead of sesame_id
  • Use data page "D_pyUserInfoClaims" (but seems this data page use info from operator; means that operator should be identified before use this data page).
  • Use "mapping" tab but mapping seems run after operator identification.

 

Do you have idea on why I'm not able to use expression to map operator id from claim ?

 

Thanks,

 

Johan

Show Less
To see attachments, please log in.
Pega Platform 8.3
System Administration
Other Industry
Lead System Architect

Accepted Solution

Posted: 4 years ago
Updated: 4 years ago
Posted: 15 Sep 2020 3:37 EDT
Updated: 15 Sep 2020 3:38 EDT
Johan Grall (JohanG54)
Societe Generale Corporate & Investment Banking

Societe Generale Corporate & Investment Banking
FR

Hi,

 

Solution has been found. Just need to use correct parameter for the expression and reference the claim data:

Correct expression

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice