From 4a2c20d8bbcb109cf9af14ca801dc4f4acc65a02 Mon Sep 17 00:00:00 2001 From: Sylvain Date: Wed, 1 Feb 2023 16:14:37 +0100 Subject: [PATCH] (doc) updated OIDC known issues --- doc/sso_open_id_connect.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/sso_open_id_connect.md b/doc/sso_open_id_connect.md index 017c57862..855bdb610 100644 --- a/doc/sso_open_id_connect.md +++ b/doc/sso_open_id_connect.md @@ -37,3 +37,7 @@ Unable to decode ID token This issue may occur if the ID Token signature algorithm is not set to `RSxxx` on your IDP. Especially, this is not the default option when using LemonLDAP::NG, which uses `HSxxx` as the default algorithm, but you can configure it in `OpenID Connect Relaying Parties` > `my-fab-manager` > `Options` > `Security` > `ID Token signature algorithm`. Using Keycloak, you can configure it in `Clients` > `my-fab-manager` > `Settings` > `Fine Grain OpenID Connect Configuration` > `ID Token Signature Algorithm`. +``` +Issuer mismatch +``` +Check that your configured issuer URL ends with a trailing slash.