Dear Partners,
We would like to inform you of an upcoming change to Corppass that may affect your OpenID Connect (OIDC) client configuration.
As part of our ongoing security enhancements, Corppass will no longer allow HTTPS redirects on clients' configured JSON Web Key Set (JWKS) URLs. During key retrieval, Corppass will only accept direct responses from the configured JWKS endpoint.
This change has been deployed in the Staging environment and will be rolled out to Production on 11 August 2026.
What you need to do
Before the Production rollout, please review the JWKS URL configured for your OIDC client(s) and ensure that it:
- Does not rely on HTTPS redirects
- Directly serves the JWKS document from the configured URL
If your JWKS URL currently uses redirects, please update your configuration so that the configured URL serves the JWKS document directly.
Please complete any necessary changes in Production by 11 August 2026. Failure to do so may result in authentication failures once this change takes effect.
If you have already verified that your JWKS URL meets these requirements, no further action is required.
Should you have any questions or require assistance, please reach out to us here. Thank you for your cooperation and continued support.
Best regards,
Corppass Team
Comments
0 comments
Please sign in to leave a comment.