VMware Workspace ONE Community
chrisdm
Contributor

OpenID Connect - token using RS256 or HS256

Hi,

Just starting out with Workspace ONE Access and trying to get our website to authenticate using OpenID with Workspace ONE acting as the IDP. I've set up a SaaS web app as per the guidance and enabled the required scopes.

Our site correctly forwards to the login screen, but after inputting credentials, authentication fails with this error validating the identity token:

OpenId: IDX10511: Signature validation failed. Keys tried: 'System.Text.StringBuilder'.
IDX10511: Signature validation failed. Keys tried: 'System.Text.StringBuilder'
Warn: ActCon: The following error was returned by the IDP: IDX10511: Signature validation failed. Keys tried: 'System.Text.StringBuilder'.

Based on the jwks endpoint, it suggests the token provided will use the algorithm RS256:

[Image: chrisdm_0-1645527681557.png]

But when we've checked the token via jwt.io, we can only validate the signature using HS256, suggesting RS256 isn't being used as the endpoint suggests. Our developers suspect this mismatch is causing the problem.

[Image: chrisdm_1-1645527681579.png]

Has anyone come across this problem before? Perhaps we’re not using the correct jwks endpoint? Thanks.

0 Kudos
0 Replies
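
One way to check the mismatch described in the post, as an added example that is not part of the original post or of any VMware or Microsoft code: read the ID token's header without verifying it and compare its `alg` and `kid` with the keys the jwks endpoint publishes. The function names, the sample token and the sample JWKS are constructed for illustration.

```python
import base64
import json

# RFC 7518 "alg" prefix -> JWK "kty" that can verify it
ALG_FAMILY = {"RS": "RSA", "PS": "RSA", "ES": "EC", "HS": "oct"}

def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the stripped '=' padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def jwt_header(token: str) -> dict:
    """Return the UNVERIFIED JOSE header: for diagnosis only, never for trust."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    return json.loads(b64url_decode(parts[0]))

def diagnose(token: str, jwks: dict) -> list:
    """Compare the token header's alg/kid with the keys in a JWKS document."""
    hdr = jwt_header(token)
    alg, kid = hdr.get("alg"), hdr.get("kid")
    findings = [f"token header: alg={alg} kid={kid}"]
    # With no kid in the header, every published key is a candidate.
    candidates = [k for k in jwks.get("keys", [])
                  if kid is None or k.get("kid") == kid]
    if not candidates:
        findings.append("no JWKS key matches the token kid: wrong jwks_uri or rotated key")
    need = ALG_FAMILY.get((alg or "")[:2])
    for k in candidates:
        if k.get("kty") != need:
            findings.append(f"key {k.get('kid')}: kty={k.get('kty')} cannot verify {alg}")
        elif k.get("alg") not in (None, alg):
            findings.append(f"key {k.get('kid')}: published for {k.get('alg')}, token says {alg}")
        else:
            findings.append(f"key {k.get('kid')}: usable for {alg}")
    return findings

def make_token(header: dict) -> str:
    """Build a constructed, unsigned sample token (dummy payload and signature)."""
    return ".".join([b64url_encode(json.dumps(header).encode()),
                     b64url_encode(b'{"sub":"user"}'), b64url_encode(b"sig")])

# Constructed sample JWKS (not from the post): a single RS256 signing key.
SAMPLE_JWKS = {"keys": [{"kty": "RSA", "kid": "k1", "alg": "RS256",
                         "use": "sig", "n": "constructed-placeholder", "e": "AQAB"}]}

if __name__ == "__main__":
    print("\n".join(diagnose(make_token({"alg": "HS256", "typ": "JWT"}), SAMPLE_JWKS)))
```

The header is read unverified only to see what the IdP actually issued; the relying party should still pin the algorithms it accepts in its own configuration rather than take them from the token.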