When running UpdateOIDCClientConfig.sh, the script fails and reports error:
 
  # UpdateOIDCClientConfig.sh
 

 This command updates EnableWellKnownConfig attribute to true for all the OIDC clients having EnableWellKnownConfig as blank or false. Are you sure, you want to continue? (Yes/No):Yes
 

 Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/LogManager
          at com.ca.siteminder.sdk.adminapi.DataDictionary.<clinit>(Unknown Source)
          at com.ca.siteminder.sdk.adminapi.Session.<init>(Unknown Source)
          at com.ca.federation.api.local.AdminAPIUtil.setupXPSSession(Unknown Source)
          at com.ca.federation.openidconnect.tool.UpdateOIDCClientConfig.main(Unknown Source)
  Caused by: java.lang.ClassNotFoundException: org.apache.logging.log4j.LogManager
          at java.net.URLClassLoader.findClass(URLClassLoader.java:387)
          at java.lang.ClassLoader.loadClass(ClassLoader.java:418)
          at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:355)
          at java.lang.ClassLoader.loadClass(ClassLoader.java:351)

  Policy Server 12.8SP5 on RedHat 7;

The jar openidconnectserver.jar has a dependency on the log4j version.

To bypass this problem, it's advisable to run the command with the out-of-the-box configuration for log4j delivered by the Policy Server 12.8SP5. At the very end of the upgrade, then apply the log4j patch to 2.17.1.