The issueridentifier parameter defines the expected issuer (iss). This parameter is optional.

The issuer (iss) claim is the default realm name and used as the subject realm. The issueridentifier parameter must match the issuer claim value in the JWT.
Default value
There is no default value for this parameter.
  1. If a REALMNAME claim is included in the JWT token, the REALMNAME claim is used as the subject realm instead of the iss claim.
  2. If both REALMNAME and REALMIDENTIFIER are configured,REALMNAME takes precedence and REALMIDENTIFIER is ignored.
  3. If REALMNAME, REALMIDENTIFIER, and issuer claim are not configured, then we propagate "*" as realm name.