cherry-pick: RHIDP-7912: omitIdentityTokenOwnershipClaim flag (#1487)

assemblies/assembly-authentication-troubleshooting.adoc

@@ -0,0 +1,9 @@
+:_mod-docs-content-type: ASSEMBLY
+
+[id="authentication-troubleshooting"]
+
+= Troubleshooting authentication issues
+
+Learn how to troubleshoot authentication issues.
+
+include::modules/authentication/proc-reducing-token-size.adoc[leveloffset=+1]

assemblies/assembly-enabling-authentication.adoc

@@ -18,3 +18,5 @@ include::modules/authentication/proc-enabling-user-authentication-with-github.ad
 
 include::modules/authentication/proc-enabling-user-authentication-with-microsoft-azure.adoc[leveloffset=+1]
 
+include::assembly-authentication-troubleshooting.adoc[leveloffset=+1]
+

modules/authentication/proc-reducing-token-size.adoc

@@ -0,0 +1,20 @@
+:_mod-docs-content-type: PROCEDURE
+
+[id="reducing-token-size"]
+= Reducing the size of issued tokens
+
+By default, the authentication backend issues user identity tokens with ownership references of the user in the `ent` claim of the JSON Web Token (JWT) payload.
+This makes it easier for consumers of the token to resolve ownership of the user.
+However, depending on the structure of your organization and how you resolve ownership claims, the tokens can grow large and cause HTTP errors that prevent you from accessing parts of {product-very-short}.
+Use the `omitIdentityTokenOwnershipClaim` flag to remove the `ent` claim from tokens and reduce their size.
+
+.Procedure
+
+. In the `{my-app-config-file}` file, set `omitIdentityTokenOwnershipClaim` to `true` as follows:
++
+[source,yaml]
+----
+auth:
+  omitIdentityTokenOwnershipClaim: true
+----
+