OIPA or PAS UI Configuration

  1. Set application.isSSOEnabled=true in PAS.properties.

  2. Place oidc-config.yaml in the PAS runtime classpath, typically in the external pas/conf directory.

  3. Register the OIDC client in the identity provider:

    • Use the confidential client type.

    • Enable the Authorization Code flow.

    • Configure the redirect URI with the same value as oidc.redirectUri.

    • Include the openid scope.

    • Include the claims that userMapping requires in the tokens.

  4. Ensure that OIPA contains the configured primaryCompanyGUID and defaultSecurityGroupGUID.

  5. Apply the database changelog that creates ASOIDCUSERSESSIONS.
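
A pre-flight check for steps 1 to 3, as an added example that is not part of the original page or the product's code: it reports a disabled SSO flag, a public client, a redirect URI that differs from the registered one, a missing openid scope, and claims that userMapping needs but the tokens lack. Assumptions: the client registration is a dictionary using RFC 7591 client metadata names, the oidc.redirectUri value and the claim names are passed in by hand because the page does not show the layout of oidc-config.yaml, and the function names, host and sample values are hypothetical.

```python
# Added example: pre-flight check for steps 1-3. Input shapes are assumptions.
def parse_properties(text):
    """Parse simple Java .properties text (key=value, # or ! comments)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def preflight(pas_properties, redirect_uri, required_claims, client, token_claims):
    """Return a list of findings; an empty list means steps 1-3 are consistent."""
    findings = []
    props = parse_properties(pas_properties)
    if props.get("application.isSSOEnabled") != "true":
        findings.append("application.isSSOEnabled is not true in PAS.properties")
    # A confidential client authenticates at the token endpoint (RFC 7591 default).
    if client.get("token_endpoint_auth_method", "client_secret_basic") == "none":
        findings.append("client is public, not confidential")
    if "authorization_code" not in client.get("grant_types", ["authorization_code"]):
        findings.append("Authorization Code flow is not enabled")
    # Exact string comparison: a trailing slash or scheme change is a mismatch.
    if redirect_uri not in client.get("redirect_uris", []):
        findings.append("oidc.redirectUri is not a registered redirect URI")
    if "openid" not in client.get("scope", "").split():
        findings.append("openid scope is missing")
    missing = sorted(set(required_claims) - set(token_claims))
    if missing:
        findings.append("tokens lack claims needed by userMapping: " + ", ".join(missing))
    return findings

# Constructed sample inputs (hypothetical host, client settings and claim names).
SAMPLE_PROPS = "# PAS.properties\napplication.isSSOEnabled=true\n"
SAMPLE_CLIENT = {
    "token_endpoint_auth_method": "client_secret_basic",
    "grant_types": ["authorization_code"],
    "redirect_uris": ["https://pas.example.com/callback/"],
    "scope": "openid profile",
}
SAMPLE_CLAIMS = {"sub": "u123", "email": "user@example.com"}

if __name__ == "__main__":
    configured_uri = "https://pas.example.com/callback"  # no trailing slash
    wanted = ["sub", "email", "groups"]
    for finding in preflight(SAMPLE_PROPS, configured_uri, wanted,
                             SAMPLE_CLIENT, SAMPLE_CLAIMS):
        print("FAIL:", finding)
```
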