Using Sitecore product images that contain Windows Server container updates after September 2021 might result in Sitecore Identity Server authentication problems (for example, on a Docker Compose setup, redirection to the https://xp1id.localhost/connect/authorize page instead of a successful login) and an error similar to the following in the Sitecore Identity Server logs:
[15:58:47] IdentityServer4.Hosting.IdentityServerMiddleware [Fatal] Unhandled exception: "IDX10630: The '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]' for signing cannot be smaller than '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]' bits. KeySize: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. (Parameter 'key.KeySize')"
System.ArgumentOutOfRangeException: IDX10630: The '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]' for signing cannot be smaller than '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]' bits. KeySize: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. (Parameter 'key.KeySize')
at Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.ValidateAsymmetricSecurityKeySize(SecurityKey key, String algorithm, Boolean willCreateSignatures)
at Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider..ctor(SecurityKey key, String algorithm, Boolean willCreateSignatures) ...
The issue occurs when the Identity Server certificate ("sitecore-identitycertificate.txt" for k8s and "SITECORE_ID_CERTIFICATE" in the compose .env file) is generated with an RSA key size smaller than 2048 bits. This happens when Sitecore Docker Tools is used to generate certificates with the default parameters.
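Because the IDX10630 message hides the actual key size, it helps to read it directly from the certificate. The following PowerShell is an added example, not code from Sitecore or Sitecore Docker Tools; it assumes that SITECORE_ID_CERTIFICATE holds a base64-encoded PFX and that its password is stored as SITECORE_ID_CERTIFICATE_PASSWORD in the same .env file. The function names are hypothetical.

```powershell
# Added example, not Sitecore code. Assumptions: the .env value is a base64-encoded
# PFX, and its password is in SITECORE_ID_CERTIFICATE_PASSWORD in the same file.
function Get-EnvFileValue {
    param([string]$Path, [string]$Name)
    $pattern = '^\s*' + [regex]::Escape($Name) + '=(.*)$'
    # The last assignment in the file wins if the variable appears more than once.
    $hit = Get-Content -Path $Path | Select-String -Pattern $pattern | Select-Object -Last 1
    if (-not $hit) { throw "Variable '$Name' not found in $Path" }
    return $hit.Matches[0].Groups[1].Value.Trim()
}

function Test-IdentityCertificateKeySize {
    param(
        [string]$EnvFile = '.\.env',
        [int]$MinimumBits = 2048   # threshold named in the article
    )
    $base64   = Get-EnvFileValue -Path $EnvFile -Name 'SITECORE_ID_CERTIFICATE'
    $password = Get-EnvFileValue -Path $EnvFile -Name 'SITECORE_ID_CERTIFICATE_PASSWORD'
    try   { $bytes = [Convert]::FromBase64String($base64) }
    catch { throw 'SITECORE_ID_CERTIFICATE is not valid base64.' }

    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes, $password)
    try {
        # Returns $null when the certificate does not carry an RSA key.
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
        if ($null -eq $rsa) { throw "Certificate '$($cert.Subject)' does not use an RSA key." }
        [pscustomobject]@{
            Subject      = $cert.Subject
            Thumbprint   = $cert.Thumbprint
            KeySizeBits  = $rsa.KeySize
            MeetsMinimum = ($rsa.KeySize -ge $MinimumBits)
        }
    }
    finally {
        $cert.Dispose()   # release the temporarily imported key material
    }
}

# Run from the folder that contains the compose .env file.
Test-IdentityCertificateKeySize -EnvFile '.\.env'
```

A result with MeetsMinimum set to False matches the condition described above.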
To resolve the issue, consider the following steps: