Assist with oidc example within jenkinsci helm chart

Could someone give me an assist? I haven’t quite been able to figure out how to configure jenkins to work with my keycloak setup via the helm chart configuration. Here’s what I got at the moment:

jenkins:
  persistence:
    enabled: true
    size: "20Gi"

  agent:
    jenkinsUrl: http://jenkins.jenkins.svc.cluster.local:8081
    resources:
      requests:
        ephemeral-storage: "1Gi"
      limits:
        ephemeral-storage: "2Gi"

  controller:
    adminPassword: <secret>
    JCasC:
      securityRealm: |
        oic:
          clientId: "k.vc-prod.jenkins"
          clientSecret: <secret>
          wellKnownOpenIDConfigurationUrl: "https://keycloak.vc-prod.k.home.net/auth/realms/home/.well-known/openid-configuration"
          scopes: "openid email profile offline_access"
          userNameField: "username"

    installPlugins:
    - kubernetes:3600.v144b_cd192ca_a_
    - workflow-aggregator:581.v0c46fa_697ffd
    - git:4.11.3
    - configuration-as-code:1429.v09b_044a_c93de
    - oic-auth:1.8

    # exposes 8081 which appears with httpsKeyStore
    extraPorts:
    - name: keystorerelated
      port: 8081

    ingress:
      enabled: true
      ingressClassName: nginx
      paths:
      - pathType: ImplementationSpecific
        backend:
          service:
            name: jenkins
            port:
              number: 8081
      annotations:
        cert-manager.io/issuer: "cluster-adcs-issuer"                   #use specific name of issuer
        cert-manager.io/issuer-kind: "ClusterAdcsIssuer"                #or ClusterAdcsIssuer
        cert-manager.io/issuer-group: "adcs.certmanager.csf.nokia.com"
        nginx.ingress.kubernetes.io/rewrite-target: /
        nginx.ingress.kubernetes.io/proxy-body-size: 1000m

    httpsKeyStore:
      enable: true
      password: <password>
      fileName: "cacerts"
      #fileName: "jssecacerts"
      path: "/opt/java/openjdk/lib/security"
      jenkinsKeyStoreBase64Encoded: |
        /u3+7QAAAAIAAACCAAAAAgASL3RtcC9jYS1idW5kbGUtMTE5AAABgeW+ND8A...

Shouldn’t this be oidc?

This got me going. Here’s what I came up with for anyone who might come along later with the same question. My provider was a keycloak server w/ a groups mapper enabled:

      securityRealm: |
        oic:
          clientId: "k.vc-prod.jenkins"
          clientSecret: "<hidden>"
          wellKnownOpenIDConfigurationUrl: "https://keycloak.vc-prod.k.home.net/auth/realms/home"
          tokenServerUrl: "https://keycloak.vc-prod.k.home.net/auth/realms/home/protocol/openid-connect/token"
          authorizationServerUrl: "https://keycloak.vc-prod.k.home.net/auth/realms/home/protocol/openid-connect/auth"
          scopes: "openid email profile offline_access"
          disableSslVerification: false
          endSessionEndpoint: "https://keycloak.vc-prod.k.home.net/auth/realms/home/protocol/openid-connect/logout"
          escapeHatchEnabled: false
          logoutFromOpenidProvider: true
          userNameField: "preferred_username"
          emailFieldName: "email"
          groupsFieldName: "groups"
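Added example, not code from the thread or from the oic-auth plugin: a small Python check that compares an oic securityRealm block (given as a dict with the same keys used above) against the provider's OIDC discovery document. It flags a discovery URL that is not the full .well-known path, explicit token/authorization/logout endpoints that disagree with what the IdP publishes, plain-http URLs, disabled TLS verification, and a missing openid scope. The discovery document is constructed here from the Keycloak endpoint URLs quoted in the thread; in practice you would fetch it over HTTPS.

```python
import json

WELL_KNOWN_SUFFIX = "/.well-known/openid-configuration"

# Constructed stand-in for the document Keycloak serves at
# <realm URL>/.well-known/openid-configuration; fetch it over HTTPS in practice.
DISCOVERY_DOC = json.loads("""{
  "issuer": "https://keycloak.vc-prod.k.home.net/auth/realms/home",
  "authorization_endpoint": "https://keycloak.vc-prod.k.home.net/auth/realms/home/protocol/openid-connect/auth",
  "token_endpoint": "https://keycloak.vc-prod.k.home.net/auth/realms/home/protocol/openid-connect/token",
  "end_session_endpoint": "https://keycloak.vc-prod.k.home.net/auth/realms/home/protocol/openid-connect/logout"
}""")

# JCasC oic keys that must agree with the corresponding discovery fields
ENDPOINT_MAP = {
    "authorizationServerUrl": "authorization_endpoint",
    "tokenServerUrl": "token_endpoint",
    "endSessionEndpoint": "end_session_endpoint",
}


def check_oic_realm(oic: dict, discovery: dict) -> list:
    """Return findings for an oic securityRealm dict; [] means it looks consistent."""
    findings = []
    wk = oic.get("wellKnownOpenIDConfigurationUrl", "")
    if not wk.endswith(WELL_KNOWN_SUFFIX):
        findings.append("wellKnownOpenIDConfigurationUrl should end with " + WELL_KNOWN_SUFFIX)
    elif wk[: -len(WELL_KNOWN_SUFFIX)] != discovery["issuer"]:
        findings.append("discovery URL does not belong to issuer " + discovery["issuer"])
    # If endpoints are also set explicitly, they must match what the IdP publishes
    for key, field in ENDPOINT_MAP.items():
        if key in oic and oic[key] != discovery.get(field):
            findings.append(key + " differs from the provider's " + field)
    for key, value in oic.items():
        if isinstance(value, str) and value.startswith("http://"):
            findings.append(key + " uses plain http; codes and tokens would travel in clear")
    if oic.get("disableSslVerification", False):
        findings.append("disableSslVerification: true disables TLS validation of the IdP")
    if "openid" not in oic.get("scopes", "").split():
        findings.append("scopes must include 'openid' for an OpenID Connect flow")
    return findings
```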