...
If you have not already done so, register User Administration with your OpenID Connect identity provider. You can get the values for the attributes used in the oidc.json file from the authorization server (Keycloak, connect2id, and so on).
Register the necessary redirect URIs so that the OIDC server knows where to send the user after authentication. The <CTP_DIR>/em/login/oauth2/code/ctp URI should be registered.
...
Open the oidc.json file located in the <TOMCAT_DIR>/webapps/em/config directory to configure the OIDC provider properties used by CTP.
...
CTP's applicationContext-security.xml file, found in the <TOMCAT_DIR>/webapps/em/WEB-INF/classes/META-INF/spring directory, contains the necessary elements to enable OAuth 2.0 authentication, though they are disabled by default in favor of form login authentication. You will need to uncomment the oauth2-login elements and comment out the form-login elements.
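One way to confirm the edit took effect before restarting Tomcat is to parse the file and count which login elements are still active. This is an added example, not part of CTP or its documentation; the XML fragments are constructed stand-ins for the real file, and the function names are hypothetical.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed fragments for illustration; CTP's real file has more content.
_WRAP = ('<beans:beans xmlns:beans="http://www.springframework.org/schema/beans" '
         'xmlns="http://www.springframework.org/schema/security"><http>%s</http>'
         '</beans:beans>')
SAMPLE_DEFAULT = _WRAP % "<form-login/><!-- <oauth2-login/> -->"
SAMPLE_OIDC = _WRAP % "<!-- <form-login/> --><oauth2-login/>"
SAMPLE_BROKEN = _WRAP % "<!-- <form-login/> <oauth2-login/>"  # comment never closed


def active_login_elements(xml_text):
    """Count uncommented form-login and oauth2-login elements.

    The parser discards XML comments, so commented-out elements are not counted.
    """
    counts = {"form-login": 0, "oauth2-login": 0}
    for element in ET.fromstring(xml_text).iter():
        local_name = element.tag.rsplit("}", 1)[-1]  # strip the namespace URI
        if local_name in counts:
            counts[local_name] += 1
    return counts


def check_oidc_enabled(xml_text):
    """Return a list of problems; an empty list means OAuth 2.0 login is the only one active."""
    try:
        counts = active_login_elements(xml_text)
    except ET.ParseError as exc:
        # Typical after hand-editing comments: an unclosed or nested comment.
        return [f"file is not well-formed XML after editing: {exc}"]
    problems = []
    if counts["oauth2-login"] == 0:
        problems.append("oauth2-login is still commented out")
    if counts["form-login"] > 0:
        problems.append("form-login is still active")
    return problems


if __name__ == "__main__":
    # Pass the path to applicationContext-security.xml; defaults to a sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as handle:
            text = handle.read()
    else:
        text = SAMPLE_DEFAULT
    issues = check_oidc_enabled(text)
    print("\n".join(issues) or "OK: only oauth2-login is active")
    sys.exit(1 if issues else 0)
```

A non-zero exit status means the file still has form login enabled, still has oauth2-login commented out, or no longer parses.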
...