When using mod_auth_openidc to authenticate against a Keycloak IDP, there needs to be the additional option `OIDCTokenBindingPolicy "disabled"` set. This will prevent mod_auth_openidc from including the field `id_token_token_binding_cnf ` which, as of now, is not supported by Keycloak (see https://github.com/keycloak/keycloak/issues/22323 for reference).
Since wsgi-keystone.conf is not merged with custom config, it is not very easy to change this option without creating an entire own full config.
When using mod_auth_openidc to authenticate against a Keycloak IDP, there needs to be the additional option `OIDCTokenBindi ngPolicy "disabled"` set. This will prevent mod_auth_openidc from including the field `id_token_ token_binding_ cnf ` which, as of now, is not supported by Keycloak (see https:/ /github. com/keycloak/ keycloak/ issues/ 22323 for reference).
Since wsgi-keystone.conf is not merged with custom config, it is not very easy to change this option without creating an entire own full config.