First of all, let me thank you for all the help you have given so far in my effort to get a Single Page Application OpenId Connect Proof of Concept working using the gluu server. Second, I am trying to figure out why my server isn't returning the same data as the idp.gluu.org on the <server>/oxauth/seam/resource/restv1/oxauth/jwks endpoint (jwks_uri from .well-known/configuration) For example, on the idp.gluu.org uri we see the following data (key data removed for brevity's sake): {"keys": [ { "kty": "RSA", "kid": "1", "use": "sig", "alg": "RS256", "n": "<keydata>", "e": "AQAB", "x5c": ["<keydata>"] }, ... ]} Whereas my server only contains this information: {"keys": [ { "kty": "RSA", "kid": "bb131cd9-6424-48c2-8e56-a64ef1454500", "use": "sig", "alg": "RS256", "n": "<keydata>", "e": "AQAB" }, ... ]} As you can see, I am missing the x5c line from my keys. I tried to find some documentation that listed how to get those keys installed, but all I could find was a cached doc that no longer exists on docs.gluu.org detailing the usage of the source of the oxAuth server and a mvn command to generate the keys. What do I need to do to fill in the x5c key on my server so my client can decrypt the tokens received from my gluu server? Thanks, Nathan