This is a subset of
If a P11RSAPrivateKey is returned from the Java PKCS11 library the private key verification will fail
Configure AM 5.5 to use PKCS#11 (or SoftHSM, NSS, for example).
Example SoftHSM configuration:
Configure OAuth2/OIDC and request an ID token to be signed by an RSA key on the HSM.
Get back a ID token signed by the HSM protected key.