Skip to main content

Question

 Vidhya Rajappa (VidhyaR0457)
ACP Computer Training and Consultancy

ACP Computer Training and Consultancy
IN
VidhyaR0457 Member since 2017 2 posts
ACP Computer Training and Consultancy
Posted: Aug 26, 2024
Last activity: Sep 9, 2024
Posted: 26 Aug 2024 6:08 EDT
Last activity: 9 Sep 2024 12:30 EDT

OIDC Authentication- Token endpoint validation

I'm configuring OIDC authentication in Pega, but I've encountered an issue. Pega currently supports only signed or plain ID tokens, while my Identity Provider (IDP) returns encrypted ID tokens that require decryption. Could you guide me on where the ID token can be decrypted within Pega, and if there are any extension points related to token endpoint validation that could help with this?

***Edited by Moderator Rupashree S. to add Capability tags***
To see attachments, please log in.
Pega Platform
Security

  • Reply
Posted: 4 months ago
Posted: 9 Sep 2024 12:30 EDT
Marije Schillern (MarijeSchillern)
MOD
Senior Knowledge Management Specialist
Pegasystems Inc.
GB

@VidhyaR0457   Pega does not natively support decryption of encrypted ID tokens. However, you can extend the OIDC authentication service to handle this. You can use a custom Java step in an activity to decrypt the ID token after it is received. The OIDCClientHandler class can be extended to include custom logic for decrypting the token. Additionally, you can use the D_pzSSOAttributes data page to access and manipulate the token claims after decryption. Ensure you have the necessary decryption keys available in your keystore.

⚠ This is a GenAI-powered tool. All generated answers require validation against the provided references.

References: 🌕 Troubleshooting OpenID Connect (OIDC) integrations

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice