Single Sign-On v1.5

Plan-to-Plan OIDC Integration Guide

This topic describes how to set up Pivotal Cloud Foundry (PCF) Single Sign-On (SSO) to integrate an SSO service plan as an OpenID Connect (OIDC) identity provider.

Service plans are represented in User Access and Administration (UAA) as identity zones. UAA can integrate any two UAAs, with one acting as the relying party and the other acting as the identity provider. This includes identity zones within the same multi-tenant UAA, as well as separate UAA instances, such as the BOSH UAA, Ops Manager UAA, or a standalone UAA (provided they are on a version that has OIDC implemented). This topic explains how you can perform the integration from one SSO service plan to another through the SSO service tile.

Prerequisites

To integrate Plan-to-Plan OIDC with PCF, you need:

  • PCF v1.12 or later
  • Single Sign-On v1.5.0 or later
  • An active SSO Service Plan that will act as an identity provider
  • A second active SSO Service Plan that will act as the relying party
  • A user with Administrator privileges

Note: To configure OIDC according to these steps, you must have the Single Sign-On service broker installed in your PCF deployment. You need to create a plan, add any plan administrators, and specify any organizations for which this plan should be the authentication authority. For help configuring plans, see Manage Service Plans.

Integrate a Plan-to-Plan OIDC for SSO

Complete this process to set up Plan-to-Plan OIDC integration for the SSO service. For more information, see Configure Plan-to-Plan OIDC Integrations.

Test the OIDC Connection

Once you’ve configured the Plan-to-Plan OIDC integration for SSO, you can test it to confirm it works. For more information, see Test OIDC Integrations.

Troubleshooting

For information about common configuration problems and error states, see Troubleshoot Plan-to-Plan OIDC Integrations.
