Closed
Description
I misconfigured my overlay today. I had an identity enrolled via OTT with secondary auth needed via a different auth policy than the default.
After successfully completing the PKCE flow and submitting the JWT, the controller informed me I did not authenticate properly because the wrong identity was mapped to the external id.
Enhance the logging to indicate the identity discovered by external id so that I would have known I mismapped it.