You need to have an SSO provider to authenticate. In a real-time scenario there is another application (SiteMinder) that does the authentication and passes it on as cookies or an HTTP header to Pega. But for your practice it might be tough to get one.
But for practice you can try to authenticate based on the URL, where you pass the username and password in the URL and try to decode the URL and establish the operator.
I don't have any documentation on it, but I can give brief steps for configuring it.
1. Download the OpenAM-13.0.0 file from ForgeRock.
2. Deploy the WAR file in PRPC.
3. Create COT, identity provider and service provider instances, and then create Subjects (Users).
4. At the COT level or IDP level, do the mapping.
5. Import the IDP metadata.
6. In PRPC, create an Authentication service and, in the mapping tab, do the mapping of IDP attributes to PRPC attributes.
7. Save it and access PRPC with the SSO URL.
8. Provide the credentials of any subject (operator) of the IDP; the request goes to the IDP, which authenticates and redirects to PRPC. (If the operator is not there in PRPC, then based on the auth service tab mappings it will create the operator using the Model Operator of the passed values.)
Please understand the different types of authentication mechanisms available in Pega; two of them are 'PRCustom' and 'J2EEContext' container-based authentication. SSO can be achieved under both authentication implementations using SAML SSO or container-based SSO supported by additional software like SPNEGO and Waffle SSO.
You can start with the Authentication service wizard in the 'org & security' landing page; you will have two options for the PRCustom type of authentication: 'WebLDAP' or 'SAML SSO'.
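The attribute mapping and create-on-first-login behaviour described in steps 6 and 8 above, sketched as an added example (not code from this thread or from Pega). The field names, mapping table and model operator values are hypothetical, the assertion is a constructed sample, and its signature, issuer, audience and validity window are assumed to have been verified already.

```python
import xml.etree.ElementTree as ET  # for untrusted input prefer a hardened parser such as defusedxml

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (already validated, by assumption).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="uid"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="cn"><saml:AttributeValue>Jane Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="mail"><saml:AttributeValue>jdoe@example.test</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="isAdmin"><saml:AttributeValue>true</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Hypothetical mapping (IdP attribute -> operator field), standing in for the mapping tab.
ATTRIBUTE_MAP = {"uid": "operator_id", "cn": "full_name", "mail": "email"}
REQUIRED = {"operator_id"}
# Hypothetical model operator: the only source of access rights for new operators.
MODEL_OPERATOR = {"access_group": "Practice:Users", "org_unit": "Practice"}


def read_attributes(assertion_xml):
    """Return single-valued attributes from the AttributeStatement as a dict."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        if len(values) == 1:  # identity fields must not be multi-valued or empty
            attrs[attr.get("Name")] = values[0].strip()
    return attrs


def provision_operator(assertion_xml, existing_operators):
    """Return (operator, created); create from the model operator on first login."""
    attrs = read_attributes(assertion_xml)
    # Only mapped attributes are copied; anything else the IdP sends is dropped.
    mapped = {f: attrs[n] for n, f in ATTRIBUTE_MAP.items() if attrs.get(n)}
    missing = REQUIRED - mapped.keys()
    if missing:
        raise ValueError(f"assertion lacks required attribute(s): {sorted(missing)}")
    op_id = mapped["operator_id"]
    if op_id in existing_operators:
        return existing_operators[op_id], False
    operator = {**MODEL_OPERATOR, **mapped}
    existing_operators[op_id] = operator
    return operator, True
```

Because the mapping has no entry that targets `access_group`, an attribute such as `isAdmin` in the assertion cannot change what a newly created operator is allowed to do.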