OpenID Connect configuration has "jwks_uri" with "api-int"

Solution Verified - Updated -

Issue

  • When accessing the OpenID (OIDC) configuration URL https://api.openshift.example.com:6443/.well-known/openid-configuration an jwks_uri endpoint containing an api-int URL is returned, see below. The expectation is that the api URL is returned instead of the api-int URL:
curl -s https://api.openshift.example.com:6443/.well-known/openid-configuration | jq
{
  "issuer": "https://kubernetes.default.svc",
  "jwks_uri": "https://api-int.openshift.example.com:6443/openid/v1/jwks",
  "response_types_supported": [
    "id_token"
  ],
  "subject_types_supported": [
    "public"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ]
}

Environment

  • Red Hat OpenShift Container Platform (OCP) 4.12, 4.13, 4.14

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content