iss may need clarification that it is a https: scheme URI in sec 220.127.116.11
One or more interop participants are using host names as issuer without a scheme
This is clear in discovery.
In Messages the definition of issuer identifier Verifiable identifier for an Issuer. An Issuer Identifier is a URL using the https scheme that contains scheme, host, and OPTIONALLY, port number and path components. (No query or fragment components MAY be present.)
Also Sec 9.14
OpenID Connect supports multiple issuers per Host and Port combination. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.
OpenID Connect treats the path component of any URI as part of the user identifier. For instance, the subject "1234" with an issuer of "https://example.com" is not equivalent to the subject "1234" with an issuer of "https://example.com/sales".