JohanG54 Member since 2019 1 post
Societe Generale Corporate & Investment Banking
Posted: September 3, 2020
Last activity: September 15, 2020

Unable to use expression when mapping operator id from claim in OpenID authentication service



I currently use Pega Platform 8.3.

We have implemented an OpenID Connect SSO authentication service.

My problem is about Operator identification with claim info (I don't use operator provisioning).

Currently, claim data "sesame_id" is used to find the operator and it works: Map sesame_id from claim into pyUserIdentifier

Example: my operator identifier in Pega is "johan.grall" and sesame_id from claim is "johan.grall". Mapping works and I'm logged in with operator "johan.grall".


There is a new behavior to manage claim data "sesame_id" which contains a '-' character. In this case, the corresponding operator id in Pega contains a '_' character instead of '-'.

Example: my operator identifier in Pega is "johan_grall" and sesame_id from claim is "johan-grall"

I tried to use an expression when mapping the operator id but it doesn't work: Map operatorID with data from claim with expression

When I connect, the error message "Unable to execute OIDC flow : Unable to derive operator from IDToken" is displayed. No error message in the log, even if I set "debug level" for the OIDC logger.

I have tested several things but get the same issue:

  • {sesame_id} instead of sesame_id
  • Use data page "D_pyUserInfoClaims" (but it seems this data page uses info from the operator, which means that the operator should be identified before using this data page).
  • Use the "mapping" tab, but mapping seems to run after operator identification.


Do you have any idea why I'm not able to use an expression to map the operator id from the claim?




