Introspect assertion does not support payloads if the jwks_uri does not include .json. ForgeRock’s URI paths don’t include .json, which causes the error.
Log file showed:
"com.l7tech.external.assertions.oauth2.introspection.server.OAuthJWTTokenIntrospector: Error encountered while preparing the issuer=<issuer>'s jwks: Unable to obtain HTTP response from https://<hostname>:443/<path>/jwk_uri: Connect to <hostname>:443 timed out. Caused by: Connect to <hostname>:443 timed out."
SSG 11.1; outbound jwks_uri requests go through a proxy.
Add a row in the Manage HTTP Options screen with the following values:
Host = <jwks_uri hostname>
Port = <port number>
Protocol = HTTPS
Path = <uri path in the jwks_uri>
Proxy = <Proxy IP>:<Port>
Set Manage HTTP Options to configure the outbound connection to the particular host used in the jwks_uri.
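The following Python sketch is an added example, not part of the original article or of the gateway product. It pulls the failing JWKS URL out of timeout log lines in the format shown above and splits it into the Host, Port, Protocol, Path and Proxy values for the row. The hostname, proxy address and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Matches the JWKS fetch timeout message format shown in the log excerpt.
FETCH_ERR = re.compile(r"Unable to obtain HTTP response from (https?://\S+?): Connect to ")
DEFAULT_PORTS = {"http": 80, "https": 443}

def http_option_row(jwks_uri, proxy):
    """Split a jwks_uri into the fields of one Manage HTTP Options row."""
    parts = urlsplit(jwks_uri)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError("not an http(s) URL: %r" % jwks_uri)
    return {
        "Host": parts.hostname,
        "Port": parts.port or DEFAULT_PORTS[scheme],  # fall back to the scheme default
        "Protocol": scheme.upper(),
        "Path": parts.path or "/",
        "Proxy": proxy,  # "<Proxy IP>:<Port>", as entered in the row
    }

def rows_from_log(lines, proxy):
    """Return one row per distinct JWKS endpoint that timed out."""
    rows = {}
    for line in lines:
        m = FETCH_ERR.search(line)
        if m:
            row = http_option_row(m.group(1), proxy)
            rows[(row["Host"], row["Port"], row["Path"])] = row  # de-duplicate
    return list(rows.values())

# Constructed sample input: same message format as above, made-up host and path.
SAMPLE_LOG = [
    "com.l7tech.external.assertions.oauth2.introspection.server.OAuthJWTTokenIntrospector: "
    "Error encountered while preparing the issuer=https://am.example.test/am/oauth2's jwks: "
    "Unable to obtain HTTP response from https://am.example.test:443/am/oauth2/connect/jwk_uri: "
    "Connect to am.example.test:443 timed out. Caused by: Connect to am.example.test:443 timed out.",
    "INFO: unrelated log line",
] * 2

if __name__ == "__main__":
    for row in rows_from_log(SAMPLE_LOG, "192.0.2.10:3128"):
        print(row)
```

After the row is saved, the timeout message for that host should stop appearing in the log on the next token introspection.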