Bug
Resolution: Unresolved
Major
4.18
Quality / Stability / Reliability
Important
Customer Escalated
Chase Morgan has a security requirement to disable UserInfo on their ADFS server.
curl requests to ADFS to obtain a token fail with:
~~~
Error: non-200 response from UserInfo: 401, WWW-Authenticate=Bearer error="invalid_token", error_description="MSIS9921: Received invalid UserInfo request. Audience 'https://oauth-openshift.apps.wh-ngcptnt1.svr.us.jpmchase.net/oauth2callback/adfs' in the access token is not same as the identifier of the UserInfo relying party trust 'urn:microsoft:userinfo'."
~~~
That is with the authconfig below:
~~~
urls:
  authorize: https://mysso.example.com/auth/realms/master/protocol/openid-connect/auth
  token: https://mysso.example.com/auth/realms/master/protocol/openid-connect/token
  userInfo: https://mysso.example.com/auth/realms/master/protocol/openid-connect/userinfo
~~~
Removing userInfo from the authconfig makes the curl requests work, but leaves the cluster in an unsupported state:
https://access.redhat.com/solutions/6960548
https://access.redhat.com/articles/7064122
They have implemented the fixes from Microsoft that were mentioned in https://issues.redhat.com/browse/RFE-3596 and https://issues.redhat.com/browse/RFE-2770
How can JPMC configure the authconfig so that it does not use userinfo with ADFS, without ending up in an unsupported state?
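To see why ADFS answers the UserInfo call with MSIS9921, look at the `aud` claim of the access token the OAuth server forwards to the UserInfo endpoint. The script below is an added example written for this page; it is not part of the original issue, of OpenShift, or of ADFS. It decodes a token's payload without verifying the signature (diagnostic use only), reproduces the audience comparison against the UserInfo relying-party identifier quoted in the error, and parses the 401's WWW-Authenticate header into its fields. The tokens and the 401 header are constructed samples, and the callback URL is a placeholder standing in for the cluster-specific oauth2callback address.

```python
import base64
import json
import re

# The ADFS UserInfo endpoint is a relying party of its own with the fixed
# identifier quoted in the MSIS9921 message; it only accepts access tokens
# whose aud claim names that identifier.
ADFS_USERINFO_RP = "urn:microsoft:userinfo"

# Placeholder for the OpenShift OAuth callback that ADFS puts in aud
# (assumption: the real value is the cluster-specific oauth2callback URL).
CALLBACK_AUDIENCE = "https://oauth-openshift.apps.example.com/oauth2callback/adfs"


def _b64url_decode(segment: str) -> bytes:
    # JWTs strip base64url padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_payload_unverified(token: str) -> dict:
    """Return the claims of a compact JWT WITHOUT checking the signature.
    Diagnostic use only: never make an authorization decision on this output."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected compact JWS: header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def audiences(claims: dict) -> list:
    """aud may be a single string or a list of strings (RFC 7519 section 4.1.3)."""
    aud = claims.get("aud", [])
    return [aud] if isinstance(aud, str) else list(aud)


def userinfo_would_accept(token: str, rp_identifier: str = ADFS_USERINFO_RP) -> bool:
    """Reproduce the ADFS MSIS9921 decision: accept only if aud contains the
    UserInfo relying-party identifier."""
    return rp_identifier in audiences(decode_jwt_payload_unverified(token))


def parse_www_authenticate(header: str) -> dict:
    """Split 'Bearer error="...", error_description="..."' into a dict."""
    scheme, _, params = header.partition(" ")
    fields = {"scheme": scheme}
    for key, value in re.findall(r'(\w+)="((?:[^"\\]|\\.)*)"', params):
        fields[key] = value
    return fields


def make_unsigned_token(claims: dict) -> str:
    """Build a constructed alg=none token (empty signature) for offline tests.
    Real ADFS tokens are signed; this is only sample input for the decoder."""
    def seg(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{seg({'alg': 'none', 'typ': 'JWT'})}.{seg(claims)}."


# Constructed samples: what the OAuth server forwards to UserInfo (aud is the
# client's own identifier), and a token that the UserInfo RP would accept.
TOKEN_FROM_ADFS = make_unsigned_token({"aud": CALLBACK_AUDIENCE, "sub": "jdoe", "upn": "jdoe@example.com"})
TOKEN_FOR_USERINFO = make_unsigned_token({"aud": [ADFS_USERINFO_RP, CALLBACK_AUDIENCE], "sub": "jdoe"})

# Constructed 401 header modelled on the error quoted in the report.
SAMPLE_401_HEADER = (
    'Bearer error="invalid_token", error_description="MSIS9921: Received invalid '
    f"UserInfo request. Audience '{CALLBACK_AUDIENCE}' in the access token is not "
    "same as the identifier of the UserInfo relying party trust 'urn:microsoft:userinfo'.\""
)

if __name__ == "__main__":
    for name, tok in (("token as issued to the OIDC client", TOKEN_FROM_ADFS),
                      ("token scoped to the UserInfo RP", TOKEN_FOR_USERINFO)):
        print(f"{name}: aud={audiences(decode_jwt_payload_unverified(tok))} "
              f"-> UserInfo accepts: {userinfo_would_accept(tok)}")
    err = parse_www_authenticate(SAMPLE_401_HEADER)
    print(f"{err['error']}: {err['error_description']}")
```

To inspect a real token, capture the access token the OAuth server receives from the ADFS token endpoint and pass it to `decode_jwt_payload_unverified`; if `aud` lists only the client's own identifier, the UserInfo relying party trust will reject it exactly as in the error above, regardless of what the OpenShift authconfig says.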