By default, Defguard uses HMAC algorithm for OIDC token validation and the. If you want to use RSA, you'll have to configure the Defguard core DEFGUARD_OPENID_KEY configuration variable with the path to the RSA private key.

You can generate the RSA key with:

openssl genpkey -out /path/to/rsakey.pem -algorithm RSA -pkeyopt rsa_keygen_bits:4096