...
The OIDC "issuer" value needs to be determined, and the OpenID discovery document needs to be made accessiibleaccessible.
The issuer value is set in conf/oidc.properties and must be a URL using the "https" scheme that contains host, and optionally, port number and path components and no query or fragment components. It generally must resolve to the root of the deployment in question. As a result, while it may be the same as one's SAML entityID, it often cannot be, as SAML does not conflate identity and location in this fashion.
...