diff --git a/Kernel/Config/Defaults.pm b/Kernel/Config/Defaults.pm
index 51270a331d..58cfd0eb8e 100644
--- a/Kernel/Config/Defaults.pm
+++ b/Kernel/Config/Defaults.pm
@@ -532,6 +532,8 @@ sub LoadDefaults {
 #        given_name  => 'UserFirstname',
 #        family_name => 'UserLastname',
 #    };
+    # For debugging purposes and to help with building the RoleMap e.g. you can dump all IDTokens received to the log
+#    $Self->{'AuthModule::OpenIDConnect::Debug'}->{'LogIDToken'} = 1;
 
 
 
diff --git a/Kernel/System/Auth/OpenIDConnect.pm b/Kernel/System/Auth/OpenIDConnect.pm
index d34d4158fd..d6272f43f0 100644
--- a/Kernel/System/Auth/OpenIDConnect.pm
+++ b/Kernel/System/Auth/OpenIDConnect.pm
@@ -192,6 +192,17 @@ sub Auth {
     return if !$Return->{Success};
 
     my $TokenData  = $Return->{TokenData};
+
+    my $Debug = $ConfigObject->Get('AuthModule::OpenIDConnect::Debug');
+    if ( $Debug && $Debug->{LogIDToken} ) {
+        my $TokenString = $Kernel::OM->Get('Kernel::System::Main')->Dump($TokenData);
+        
+        $Kernel::OM->Get('Kernel::System::Log')->Log(
+            Priority => 'debug',
+            Message  => "Received Token: $TokenString",
+        );
+    }
+
     my $Identifier = $ConfigObject->Get('AuthModule::OpenIDConnect::UID');
     my $UserLogin  = $TokenData->{ $Identifier };
     if ( !$UserLogin ) {
diff --git a/Kernel/System/OpenIDConnect.pm b/Kernel/System/OpenIDConnect.pm
index 1eb1a8967c..15d0afba27 100644
--- a/Kernel/System/OpenIDConnect.pm
+++ b/Kernel/System/OpenIDConnect.pm
@@ -532,7 +532,7 @@ sub _ProviderDataGet {
     # set cache for 30 minutes or configured time
     $Kernel::OM->Get('Kernel::System::Cache')->Set(
         Type => 'OpenIDConnect',
-        Key  => 'ProviderData' . $Param{ProviderSettings}{Name} // '',
+        Key  => 'ProviderData' . ( $Param{ProviderSettings}{Name} // '' ),
         Value => $Return,
         TTL   => $Param{ProviderSettings}{Name} // 1800,
     );