...
If you have not already done so, register User Administration with your OpenID Connect identity provider. You You can get the values for the attributes used used in the oidc.json file from the authorization server (Keycloak, connect2id, and so on).
Register the necessary redirect URIs so that the OIDC server knows where to send the user after authentication. The
<CTP_DIR>/em/login/oauth2/code/ctpURI should be registered.
...
Open the oidc.json file located in the <TOMCAT_DIR>/webapps/em/config directory to configure the OIDC provider properties used by CTP.
...
CTP's applicationContext-security.xml file, found in the <TOMCAT_DIR>/webapps/em/WEB-INF/classes/META-INF/spring directory, contains the necessary elements to enable OAuth 2.0 authentication, though they are disabled by default in favor of form login authentication. You will need to uncomment the oauth2-login elements and comment out the form-login elements.
...