UNCLASSIFIED - NO CUI

OIDC SSO Issues

Having issues getting any applications to work with OIDC SSO. I don't think this is a Big Bang issue per se... but I'm hoping somebody has run into this issue and might be able to help in troubleshooting.

Essentially, I have two Big Bang deployments, each in two separate AWS organizational accounts. The Big Bang deployments are 100% identical, well, minus the Domain Name. They are both running Big Bang 2.1.0. One environment has SSO working 100%. The second environment, I can't get any OIDC SSO to work. SAML SSO seems to work fine.

In the second environment, I'm redirected to Keycloak successfully. I am able to provide credentials and MFA. But after clicking the MFA button... it basically times out eventually... and most of the errors are timeout errors or 500 error codes.

One thing I have tried is changing the client_id to a shorter string value. For some reason, after doing this... I get a response immediately after clicking on the MFA button... but the Keycloak response is always invalid username and password, which I know is not correct. And then the error codes look to be 302 error codes instead.

This second environment could have different cloud policies... but I need more troubleshooting information before reaching out to them.