Advanced OIDC settings


This page is only relevant for OIDC.

 


JWT claims

Enabling Allow unsigned JWT claims allows Kantega SSO to accept unsigned JWTs. This behaviour was the default in versions prior to 8.10.0, but from 8.10.0 and onwards,

Issuer Validation Policy

The issuer validation policy is a defence against mix-up attacks: it validates the iss URL parameter in the authorization response from the identity provider. For more information on this countermeasure, see https://www.rfc-editor.org/rfc/rfc9207.html.
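
The check that RFC 9207 asks of a client, as an added example; this is not Kantega SSO code and does not describe its policy options. The hostnames, the PENDING table and the accept_unadvertised_iss switch are assumptions made for the illustration.

```python
from urllib.parse import urlsplit, parse_qs


class IssuerMismatch(Exception):
    """The authorization response failed the issuer check and must be dropped."""


# Constructed sample: pending authorization requests keyed by `state`, recording
# the identity provider each request was sent to and whether that provider's
# metadata sets authorization_response_iss_parameter_supported.
PENDING = {
    "st-1": {"issuer": "https://idp-a.example", "iss_supported": True},
    "st-2": {"issuer": "https://idp-b.example", "iss_supported": False},
}


def check_issuer(redirect_url, pending=PENDING, accept_unadvertised_iss=False):
    """Return True if iss was verified, False if the provider sends no iss.

    Raises IssuerMismatch when the response must be rejected. The switch
    accept_unadvertised_iss is a hypothetical local-policy knob.
    """
    params = parse_qs(urlsplit(redirect_url).query, keep_blank_values=True)
    state = params.get("state", [])
    if len(state) != 1 or state[0] not in pending:
        raise IssuerMismatch("unknown or repeated state")
    expected = pending[state[0]]

    iss = params.get("iss", [])
    if len(iss) > 1:
        raise IssuerMismatch("iss parameter repeated")
    if not iss:
        if expected["iss_supported"]:
            # A provider that advertises iss never omits it; a missing value
            # means the response did not come from that provider.
            raise IssuerMismatch("iss missing from a provider that advertises it")
        return False  # legacy provider: this check gives no protection
    if not expected["iss_supported"] and not accept_unadvertised_iss:
        raise IssuerMismatch("iss received from a provider that does not advertise it")
    # parse_qs has already form-decoded the value. RFC 9207 requires simple
    # string comparison, so a trailing slash or case difference is a mismatch.
    if iss[0] != expected["issuer"]:
        raise IssuerMismatch(f"expected {expected['issuer']!r}, got {iss[0]!r}")
    return True
```

The check runs before the authorization code is sent to any token endpoint, and it applies to error responses as well as successful ones.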