Information
The issuer claim in the JWT is used by the RP (relying party) to verify the token issuer of the OP (OIDC provider).
The issuer claim in a JSON Web Token (JWT) should be required and validated by the OpenID Connect relying party. This helps to ensure the authenticity of the JWT by matching the issuer claim to the name attribute or the redirect attribute of the client configuration in the OpenID Connect server provider.
Solution
Add the disableIssChecking attribute to the openidConnectClient element in ${server.config.dir}/configDropins/overrides/*.xml. Set the disableIssChecking attribute value to false to ensure that issuer claim checking for JSON Web Tokens occurs.
<openidConnectClient disableIssChecking="false" />
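One way to audit this setting across the override files, as an added example that is not part of the original page or of any vendor tooling. It assumes the directory passed in is the expanded ${server.config.dir}, and it reports an openidConnectClient element without the attribute as "missing" because the solution above asks for it to be set explicitly. The file names and element ids in the sample tree are constructed.

```python
import glob
import os
import tempfile
import xml.etree.ElementTree as ET

# Map a normalised attribute value to an audit status. Any other value
# (for example a ${variable} reference this script cannot expand) is
# reported as "unresolved" so a reviewer checks it by hand.
STATUS = {None: "missing", "false": "ok", "true": "disabled"}

def audit_iss_checking(config_dir):
    """Return (file, element id, status) for every openidConnectClient found."""
    findings = []
    pattern = os.path.join(config_dir, "configDropins", "overrides", "*.xml")
    for path in sorted(glob.glob(pattern)):
        name = os.path.basename(path)
        try:
            root = ET.parse(path).getroot()
        except ET.ParseError:
            # A broken override file is itself a finding, not a pass.
            findings.append((name, None, "unparseable"))
            continue
        for elem in root.iter("openidConnectClient"):
            value = elem.get("disableIssChecking")
            norm = None if value is None else value.strip().lower()
            findings.append((name, elem.get("id"), STATUS.get(norm, "unresolved")))
    return findings

def build_sample_tree(base):
    """Write constructed sample override files under base and return base."""
    overrides = os.path.join(base, "configDropins", "overrides")
    os.makedirs(overrides)
    samples = {
        "a_good.xml": '<server><openidConnectClient id="rp1" disableIssChecking="false" /></server>',
        "b_bad.xml": '<server><openidConnectClient id="rp2" disableIssChecking="true" />'
                     '<openidConnectClient id="rp3" /></server>',
        "c_var.xml": '<server><openidConnectClient id="rp4" disableIssChecking="${iss.check}" /></server>',
    }
    for fname, body in samples.items():
        with open(os.path.join(overrides, fname), "w") as fh:
            fh.write(body)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for row in audit_iss_checking(build_sample_tree(tmp)):
            print(row)
```

Any row whose status is not "ok" needs review; "disabled" means issuer checking is turned off for that client.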