diff --git a/README.md b/README.md
index da4287d4..e838050e 100644
--- a/README.md
+++ b/README.md
@@ -156,6 +156,7 @@ The following table lists the configurable parameters of the nifi chart and the
 | `auth.oidc.clientId`                                                        | oidc clientId                                                                                                      | `nil`                           |
 | `auth.oidc.clientSecret`                                                    | oidc clientSecret                                                                                                  | `nil`                           |
 | `auth.oidc.claimIdentifyingUser`                                            | oidc claimIdentifyingUser                                                                                          | `email`                         |
+| `auth.oidc.preferredJwsAlgorithm`                                            | The preferred algorithm for validating identity tokens. If this value is blank, it will default to RS256 which is required to be supported by the OpenID Connect Provider according to the specification. If this value is HS256, HS384, or HS512, NiFi will attempt to validate HMAC protected tokens using the specified client secret. If this value is none, NiFi will attempt to validate unsecured/plain tokens.                                                                                           | `nil`                         |
 | `auth.oidc.admin`                                                           | Default OIDC admin identity                                                                                        | `nifi@example.com`              |
 | Note that OIDC authentication to a multi-NiFi-node cluster requires Ingress sticky sessions | See [background](https://community.cloudera.com/t5/Support-Questions/OIDC-With-Azure-AD/m-p/232324#M194163)      | Also [how](https://kubernetes.github.io/ingress-nginx/examples/affinity/cookie/) |
 | **postStart**                                                               |
diff --git a/configs/nifi.properties b/configs/nifi.properties
index d4cfd899..06d74aec 100644
--- a/configs/nifi.properties
+++ b/configs/nifi.properties
@@ -197,7 +197,7 @@ nifi.security.user.oidc.connect.timeout=5 secs
 nifi.security.user.oidc.read.timeout=5 secs
 nifi.security.user.oidc.client.id={{.Values.auth.oidc.clientId}}
 nifi.security.user.oidc.client.secret={{.Values.auth.oidc.clientSecret}}
-nifi.security.user.oidc.preferred.jwsalgorithm=
+nifi.security.user.oidc.preferred.jwsalgorithm={{.Values.auth.oidc.preferredJwsAlgorithm}}
 nifi.security.user.oidc.claim.identifying.user={{.Values.auth.oidc.claimIdentifyingUser}}
 nifi.security.user.oidc.additional.scopes={{.Values.auth.oidc.additionalScopes}}
 {{end}}
diff --git a/values.yaml b/values.yaml
index a39199df..58b2e246 100644
--- a/values.yaml
+++ b/values.yaml
@@ -149,6 +149,7 @@ auth:
     clientSecret: #<client_secret_in_oidc_provider>
     claimIdentifyingUser: email
     admin: nifi@example.com
+    preferredJwsAlgorithm: 
     ## Request additional scopes, for example profile
     additionalScopes: