Bug
Resolution: Duplicate
premerge
Quality / Stability / Reliability
Critical
Rejected
Description of problem:
This is a bug found during pre-merge test of 4.18 epic AUTH-528 PRs and filed for better tracking per existing "OpenShift - Testing Before PR Merges - Left-Shift Testing" google doc workflow.
The console target in monitoring shows down after OCP BYO external oidc is configured
Version-Release number of selected component (if applicable):
Cluster-bot build with below, which is built at 2024-11-26 09:55 CST (UTC+800)
build 4.18,openshift/cluster-authentication-operator#713,openshift/cluster-authentication-operator#740,openshift/cluster-kube-apiserver-operator#1760,openshift/console-operator#940
How reproducible:
Always
Steps to Reproduce:
1. Launch a TechPreviewNoUpgrade standalone OCP cluster with above build.
2. Login to console Administrator page, click left Observe -> Targets, click "Filter", all show "Up". Meantime, check from CLI, the target returns 200, good:
    $ oc rsh -n openshift-monitoring prometheus-k8s-0
    sh-5.1$ curl -I -k -H "Authorization: Bearer `cat /var/run/secrets/kubernetes.io/serviceaccount/token`" https://console.openshift-console.svc/metrics
    HTTP/1.1 200 OK
3. Configure BYO external OIDC in this OCP cluster using keycloak. KAS and console pods can roll out successfully. oc login and console login to keycloak can succeed.
4. In console Administrator home page, below is seen:
    TargetDown
    Nov 26, 2024, 2:45 PM
    100% of the console/console targets in openshift-console namespace have been unreachable for more than 15 minutes. This may be a symptom of network connectivity issues, down nodes, or failures within these components. Assess the health of the infrastructure and nodes running these targets and then contact support.
   Click left Observe -> Targets, click "Filter", the console target shows "Down". Click it, it shows:
    Scrape failed
    server returned HTTP status 401 Unauthorized
   Meantime, check from CLI, the target returns bad now:
    $ oc rsh -n openshift-monitoring prometheus-k8s-0
    sh-5.1$ curl -I -k -H "Authorization: Bearer `cat /var/run/secrets/kubernetes.io/serviceaccount/token`" https://console.openshift-console.svc/metrics
    HTTP/1.1 401 Unauthorized
Actual results:
Step 4, The console target shows Down exactly after OCP BYO external oidc is configured, as above details.
Expected results:
Should not become Down.
Additional info:
- is duplicated by
  OCPBUGS-56148 TargetDown Alert and TOKEN_REVIEW: 'GET /metrics' unauthorized, invalid user token in console pod logs
  - Verified