
OIDC Provider Couldn't retrieve verification key from your identity provider


I am trying to create Keycloak as an Identity Provider in the console but I am getting a "Could not connect to openid configuration of provider" when I click get thumbprint.

I am able to create the OIDC provider through the CLI, but when I try to do an AssumeRoleWithWebIdentity call, I get "couldn't retrieve verification key from your identity provider, please reference AssumeRoleWithWebIdentity documentation for requirements".

I have referenced https://forums.aws.amazon.com/thread.jspa?threadID=248411&tstart=0 and https://forums.aws.amazon.com/thread.jspa?messageID=600673

The JWKS URI exists at the provider URL appended with "/.well-known/openid-configuration". I am using self-signed certs for Keycloak, and I am still not entirely sure whether this is okay.

I have also referenced https://forums.aws.amazon.com/thread.jspa?threadID=254423 and have tried with both wildcard and non-wildcard self-signed certs.

Been stuck on this for a while, anyone have any insight? Thank you.
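As an added example (not from the question, AWS or Keycloak), a small Python diagnostic that mirrors the lookup STS performs before it can verify a token: read the `kid` from the token header, resolve it against the JWKS advertised by the discovery document, and, as a separate live check, see whether the IdP's TLS chain validates against the public trust store. The discovery document, JWKS and token below are constructed samples; that STS rejects a self-signed chain is an assumption, marked as such in the code.

```python
import base64
import json
import socket
import ssl
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Constructed sample data, not from any real Keycloak realm.
SAMPLE_DISCOVERY = {
    "issuer": "https://keycloak.example.com/realms/demo",
    "jwks_uri": "https://keycloak.example.com/realms/demo/protocol/openid-connect/certs",
}
SAMPLE_JWKS = {"keys": [{"kid": "key-1", "kty": "RSA", "alg": "RS256", "use": "sig"}]}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

# Unsigned token with the constructed header; only the header matters for key selection.
SAMPLE_JWT = _b64url(json.dumps({"alg": "RS256", "kid": "key-1"}).encode()) + ".e30.sig"

def token_kid(jwt: str) -> Optional[str]:
    """kid from the (unverified) JWT header, which STS uses to pick a JWK."""
    header = jwt.split(".")[0]
    return json.loads(base64.urlsafe_b64decode(header + "=" * (-len(header) % 4))).get("kid")

def diagnose(discovery: Dict, jwks: Dict, jwt: str) -> List[str]:
    """Problems STS would hit when resolving the token's signing key; [] means OK."""
    problems = []
    jwks_uri = discovery.get("jwks_uri", "")
    if not jwks_uri:
        problems.append("discovery document has no jwks_uri")
    elif not jwks_uri.startswith("https://"):
        problems.append("jwks_uri must be https")
    kid = token_kid(jwt)
    if kid is None:
        problems.append("token header has no kid; STS cannot select a JWK")
    elif not any(k.get("kid") == kid for k in jwks.get("keys", [])):
        problems.append(f"no JWK with kid={kid!r} in JWKS")
    return problems

def tls_chain_publicly_trusted(url: str) -> bool:
    """Live check: does the IdP's certificate validate against the public trust store?
    A self-signed or private-CA certificate returns False (assumption: STS rejects it)."""
    host = urlparse(url).hostname
    try:
        with socket.create_connection((host, 443), timeout=5) as sock:
            with ssl.create_default_context().wrap_socket(sock, server_hostname=host):
                return True
    except ssl.SSLCertVerificationError:
        return False
```

Run `diagnose` on your realm's real discovery document, JWKS and a fresh token, then `tls_chain_publicly_trusted` on the JWKS URI; an empty problem list with a `False` TLS result points at the certificate rather than the key set.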