Azure AD JWT Token Not Accepted by ServiceNow MCP Server – "Key ID not found in JWKS"

ubhimani
Tera Expert

Hi everyone,

I’m currently working on integrating authentication between Microsoft Azure Active Directory and the ServiceNow MCP server, and I’m running into an issue with JWT token validation.

We are implementing a token-based authentication flow where:

  • Users are authenticated via Azure AD
  • A JWT access token is generated using OAuth 2.0 / OpenID Connect
  • This token is then used to authenticate requests to the ServiceNow MCP server

The goal is to enable secure, token-based authentication using Azure AD–issued tokens.


Current Setup

  • Identity Provider: Microsoft Azure Active Directory
  • Authentication Protocol: OAuth 2.0 / OpenID Connect
  • Token Type: JWT Access Token
  • API Testing Tool: Insomnia
  • Target System: ServiceNow MCP Server

Observed Behavior

  • Azure AD authentication is working as expected
    • Successfully generating JWT access tokens via Insomnia
    • Token appears structurally valid and contains expected claims
  • However, when using the same token to authenticate with the ServiceNow MCP server:
    • The request fails during authentication

Error Message

Streamable HTTP error: Error POSTing to endpoint:
{
  "error": "Authentication failed",
  "message": "Key ID not found in JWKS",
  "details": "Please provide a valid JWT token"
}

What We’re Trying to Understand

  • How does ServiceNow MCP validate JWT tokens against JWKS?
  • Does MCP require explicit configuration of Azure AD’s JWKS endpoint?
  • Are there any additional steps required to trust external IdPs like Azure AD?
  • Could this be related to key rotation, kid mismatch, or issuer/audience validation?

Additional Context

  • Token includes a kid in the header
  • Azure AD JWKS endpoint is accessible and returns signing keys
  • No custom token manipulation is being performed

Has anyone successfully configured Azure AD JWT authentication with the ServiceNow MCP server?

Any pointers on:

  • Required MCP configuration for external JWKS validation
  • Common pitfalls with Azure AD tokens
  • Debugging "Key ID not found in JWKS" errors

would be really helpful.


Thanks in advance for your help!

0 REPLIES 0
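
One way to narrow down a "Key ID not found in JWKS" error, added here as an example (it is not part of the original post and is not ServiceNow or Microsoft code): decode the token's header and payload locally and check whether its kid appears in the JWKS document the validating server reads. The function name diagnose_kid, the helper names, and the token, issuer and key IDs are all constructed for illustration.

```python
import base64
import json


def _b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def diagnose_kid(token: str, jwks: dict) -> dict:
    """Compare a JWT's header kid with the key IDs in a JWKS document.

    Decodes only. It does NOT verify the signature, so it is a
    troubleshooting aid and never an authentication check.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated parts")
    header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    kid = header.get("kid")
    jwks_kids = [key.get("kid") for key in jwks.get("keys", [])]
    return {
        "kid": kid,
        "alg": header.get("alg"),
        "iss": claims.get("iss"),   # compare with the issuer the server trusts
        "aud": claims.get("aud"),   # compare with the audience the server expects
        "jwks_kids": jwks_kids,
        "kid_in_jwks": kid is not None and kid in jwks_kids,
    }


def _seg(obj: dict) -> str:
    """Build an unpadded base64url segment for the constructed sample token."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample data: not real Azure AD keys, tenants or tokens.
SAMPLE_TOKEN = ".".join([
    _seg({"typ": "JWT", "alg": "RS256", "kid": "sample-kid-A"}),
    _seg({"iss": "https://issuer.example/tenant-placeholder/",
          "aud": "api://sample-app"}),
    "c2lnbmF0dXJl",  # placeholder signature bytes, never checked here
])
JWKS_WITHOUT_KID = {"keys": [{"kty": "RSA", "kid": "sample-kid-B"}]}
JWKS_WITH_KID = {"keys": [{"kty": "RSA", "kid": "sample-kid-A"}]}

if __name__ == "__main__":
    for label, jwks in (("mismatch", JWKS_WITHOUT_KID), ("match", JWKS_WITH_KID)):
        print(label, json.dumps(diagnose_kid(SAMPLE_TOKEN, jwks), indent=2))
```

If kid_in_jwks is False for the JWKS document the validating server is configured with, the token was signed by a key that document does not publish, so compare iss and the configured JWKS URL before looking at audience settings.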