Issue
- When configuring authentication using OpenID Connect, login fails and the following error is reported:
Unable to validate tokens: Signed JWT rejected: Another algorithm expected, or no matching key(s) found
- This error arises when RS256 is not listed as the first supported algorithm in the "id_token_signing_alg_values_supported" parameter of the discovery endpoint URL:
"id_token_signing_alg_values_supported": [
"PS384",
"ES384",
"RS384",
"HS256",
"HS512",
"ES256",
"RS256",
"HS384",
"ES512",
"PS256",
"PS512",
"RS512"
],
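A small diagnostic for the condition described above, as an added example (not Liferay's code): it reads a discovery document, reports whether RS256 is the first entry of "id_token_signing_alg_values_supported", and optionally shows which algorithm an ID token's header declares. The sample document and token are constructed, and the function names are hypothetical.

```python
import base64
import json

# Constructed sample: a discovery document with the ordering shown in this article.
SAMPLE_DISCOVERY = json.dumps({
    "id_token_signing_alg_values_supported": [
        "PS384", "ES384", "RS384", "HS256", "HS512", "ES256",
        "RS256", "HS384", "ES512", "PS256", "PS512", "RS512",
    ],
})


def token_alg(id_token):
    """Return the `alg` from a compact JWT header. The signature is NOT verified."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    header = parts[0] + "=" * (-len(parts[0]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(header)).get("alg")


def check_discovery(discovery_json, id_token=None):
    """Report whether a discovery document meets the condition in this article."""
    algs = json.loads(discovery_json).get("id_token_signing_alg_values_supported")
    if not isinstance(algs, list) or not algs:
        raise ValueError("id_token_signing_alg_values_supported missing or empty")
    report = {
        "first_listed": algs[0],
        "rs256_position": algs.index("RS256") if "RS256" in algs else None,
        # Condition from the article: RS256 is not the first listed algorithm.
        "matches_issue": algs[0] != "RS256",
    }
    if id_token is not None:
        alg = token_alg(id_token)
        report["token_alg"] = alg
        report["token_alg_advertised"] = alg in algs
    return report


def make_sample_token(alg):
    """Build a constructed token with a placeholder signature (demo input only)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": alg, "typ": "JWT"}), enc({"sub": "demo"}), "c2ln"])


if __name__ == "__main__":
    print(check_discovery(SAMPLE_DISCOVERY, make_sample_token("RS256")))
```

To check a real provider, pass the JSON body saved from its discovery endpoint in place of the constructed sample.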
Environment
- DXP 7.3
Resolution
- This is a known issue reported in LPS-185041. Contact the Liferay support team to build a hotfix or update the portal to DXP 7.3 Update 27.
- As a workaround, users can delete the "Discovery Endpoint" URL and manually enter the information needed to configure the