How to manually change the jwks_uri

The OpenID Connect Discovery jwks_uri value is calculated based on server settings (domain, port, ssl enabled/disabled). When PAS is sitting behind a web front / http proxy, the jwks_uri default value will not be correct for external consumers.

To change the jwks_uri value, follow this procedure:

- Login to Configuration Manager

- Browse to Advanced

- Click the pen to the right of OIDC_OP

- Locate the OpenID Connect Provider

- In the config block of the OP, add the correct jwks_uri value to https://<domain>/<tenant>/.well-known/openid-configuration/jwks

Example: