I’m trying to set up Kong Manager (2.5.x) with Ping OIDC. I got to the point where the Manager UI redirects to Ping to log in, but it immediately gives me an error like this once I log in to Ping:
https://kong-admin.mydomain.com/auth?code=xxx&state=yyy
{"message":"Invalid credentials. Token or User credentials required"}
My admin_gui_auth_conf_secret looks like this:
{
  "issuer": "https://auth.pingone.com/zzz/as/.well-known/openid-configuration",
  "consumer_by": [ "username", "id", "custom_id" ],
  "consumer_claim": [ "username" ],
  "client_id": ["client id"],
  "client_secret": ["client secret"],
  "authenticated_groups_claim": ["group"],
  "ssl_verify": false,
  "leeway": 60,
  "logout_methods": ["GET", "DELETE"],
  "logout_query_arg": "logout",
  "redirect_uri": [ "https://kong-admin.mydomain.com/auth" ],
  "login_redirect_uri": [ "https://kong-admin.mydomain.com" ],
  "scopes": ["openid", "profile", "email"],
  "auth_methods": ["authorization_code"]
}
The domain name for Kong Manager is kong-manager.mydomain.com and the Admin API is at kong-admin.mydomain.com; both are being served from the default HTTPS port (443).
Any ideas on what’s wrong with my configuration?