From 8930759ab8034581afd95ce19fad1d15330c38df Mon Sep 17 00:00:00 2001
From: CEbbinghaus <git@cebbinghaus.com>
Date: Wed, 28 Jan 2026 11:08:35 +1100
Subject: [PATCH] Added signing alg setting to provider yaml

---
 docs/setup/sso.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/setup/sso.md b/docs/setup/sso.md
index e99fe901f..b461315fc 100644
--- a/docs/setup/sso.md
+++ b/docs/setup/sso.md
@@ -423,6 +423,7 @@ Create a OAuth2 Client following the [OAuth2 Setup](https://kanidm.github.io/kan
 upstream_oauth2:
   providers:
     - id: "[ulid]" # randomly generated ulid (https://www.ulidtools.com/)
+      id_token_signed_response_alg: ES256 # This is important since Kanidm doesn't support RS256 by default  
       issuer: "https://<kanidm_instance>/oauth2/openid/<client_id>" # TO BE FILLED
       token_endpoint_auth_method: client_secret_basic
       client_id: "<client-id>" # TO BE FILLED