Question
Murex
LB
Last activity: 13 Aug 2024 7:45 EDT
Implementing OpenID on Pega - Connection Refused Error
Hello,
For context, in one of our projects we are implementing SAML SSO for user authentication and then we read the user security groups from Azure and we map them into Pega's work group.
We are trying to implement OIDC instead of SAML, so I created an OpenID Connect authentication service and added the metadata from Azure.
Pega successfully connected to Azure, and in the logs I can see a valid access token and a valid ID token.
The access token is then used by Pega to get the user claims but I'm getting the following error :
Exception is thrown for OIDC flow java.lang.RuntimeException: java.net.SocketException: Connection reset
{ "appName ": "PegaRULES ", "eventCategory ": "Authentication event ", "eventType ": "Login ", "id ": "x ", "ipAddress ": "10.xx.xx.x", "message ": "Open ID ConnectConnect Flow failed, AuthService : X Employees Authentication, ErrorMessage : java.net.SocketException: Connection reset ", "nodeID ": "pega-all-5d45fc6f7d-wpwgj ", "outcome ": "Failure ", "tenantID ": "shared ", "timeStamp ": "Thu 2024 Aug 09, 11:23:36:416 "}
After further debugging, Pega is triggering a call
HTTP request method=GET, url=https://graph.microsoft.com/oidc/userinfo
Hello,
For context, in one of our projects we are implementing SAML SSO for user authentication and then we read the user security groups from Azure and we map them into Pega's work group.
We are trying to implement OIDC instead of SAML, so I created an OpenID Connect authentication service and added the metadata from Azure.
Pega successfully connected to Azure, and in the logs I can see a valid access token and a valid ID token.
The access token is then used by Pega to get the user claims but I'm getting the following error :
Exception is thrown for OIDC flow java.lang.RuntimeException: java.net.SocketException: Connection reset
{ "appName ": "PegaRULES ", "eventCategory ": "Authentication event ", "eventType ": "Login ", "id ": "x ", "ipAddress ": "10.xx.xx.x", "message ": "Open ID ConnectConnect Flow failed, AuthService : X Employees Authentication, ErrorMessage : java.net.SocketException: Connection reset ", "nodeID ": "pega-all-5d45fc6f7d-wpwgj ", "outcome ": "Failure ", "tenantID ": "shared ", "timeStamp ": "Thu 2024 Aug 09, 11:23:36:416 "}
After further debugging, Pega is triggering a call
HTTP request method=GET, url=https://graph.microsoft.com/oidc/userinfo
I have reached a dead end as the network connection is open between the kubernetes pods and microsoft, a curl command was successful via ssh as well from the machines, I also installed graph.microsoft.com certificate and its still giving the same error.
Below is my config
Has anyone successfully implemented OIDC with Microsoft Azure in Pega?
Thanks,
Mohamad
Keywords: OIDC, Authentication, SSO, OpenID, OpenID Connect , Azure, User Claims
Accepted Solution
Murex
LB
After further investigation it turned out since we are on Kubernetes every POD that the system goes up on needs the following network whitelisting :
*.microsoft.com/ *.windows.net/ aadcdn.msauthimages.net/ aadcdn.msftauth.net/ autologon.microsoftazuread-sso.com/ lgincdnmsftuswe2.azureedge.net/ login.live.com/ login.microsoft.com/ login.microsoftonline.com/ logincdn.msauth.net/
*.msauth.net *.aadcdn.microsoftonline-p.com *.microsoftonline-p.com