diff --git a/apps/authentication/templates/authentication/login.html b/apps/authentication/templates/authentication/login.html
index bff33eb17..21d775633 100644
--- a/apps/authentication/templates/authentication/login.html
+++ b/apps/authentication/templates/authentication/login.html
@@ -52,14 +52,21 @@
- {% if AUTH_OPENID %}
+ {% if AUTH_OPENID or AUTH_OIDC_RP %}

{% trans "More login options" %}

+ {% if AUTH_OIDC_RP %} + + {% elif AUTH_OPENID %} + {% endif %}
 {% endif %}
diff --git a/apps/authentication/views/login.py b/apps/authentication/views/login.py
index 4a9225f94..d27c4ccc3 100644
--- a/apps/authentication/views/login.py
+++ b/apps/authentication/views/login.py
@@ -113,6 +113,7 @@ class UserLoginView(mixins.AuthMixin, FormView):
 context = {
 'demo_mode': os.environ.get("DEMO_MODE"),
 'AUTH_OPENID': settings.AUTH_OPENID,
+ 'AUTH_OIDC_RP': settings.AUTH_OIDC_RP,
 }
 kwargs.update(context)
 return super().get_context_data(**kwargs)
diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py
index 1a6e24278..68e5d6e86 100644
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -143,15 +143,16 @@ class Config(dict):
 'AUTH_OPENID_IGNORE_SSL_VERIFICATION': True,
 'AUTH_OPENID_SHARE_SESSION': True,
+ 'AUTH_OIDC_RP': False,
 'OIDC_RP_CLIENT_ID': 'client-id',
 'OIDC_RP_CLIENT_SECRET': 'client-secret',
- 'OIDC_RP_PROVIDER_ENDPOINT': 'provider-endpoint',
- 'OIDC_RP_PROVIDER_AUTHORIZATION_ENDPOINT': 'provider-authorization-endpoint',
- 'OIDC_RP_PROVIDER_TOKEN_ENDPOINT': 'provider-token-endpoint',
- 'OIDC_RP_PROVIDER_JWKS_ENDPOINT': 'provider-jwks-endpoint',
- 'OIDC_RP_PROVIDER_USERINFO_ENDPOINT': 'provider-userinfo-endpoint',
- 'OIDC_RP_PROVIDER_END_SESSION_ENDPOINT': 'end-session-endpoint',
+ 'OIDC_RP_PROVIDER_ENDPOINT': 'https://op-endpoint.com',
+ 'OIDC_RP_PROVIDER_AUTHORIZATION_ENDPOINT': 'https://op-endpoint.com/authorize',
+ 'OIDC_RP_PROVIDER_TOKEN_ENDPOINT': 'https://op-endpoint.com/token',
+ 'OIDC_RP_PROVIDER_JWKS_ENDPOINT': 'https://op-endpoint.com/jwk',
+ 'OIDC_RP_PROVIDER_USERINFO_ENDPOINT': 'https://op-endpoint.com/userinfo',
+ 'OIDC_RP_PROVIDER_END_SESSION_ENDPOINT': 'https://op-endpoint.com/logout',
 'OIDC_RP_ID_TOKEN_MAX_AGE': 60,
 'AUTH_RADIUS': False,
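Review bot: The condition `{% if AUTH_OPENID or AUTH_OIDC_RP %}` is now one of three places that spell out the same disjunction — the `get_source_choices` hunk in apps/users/utils.py repeats it, and the `{% elif AUTH_OPENID %}` branch here only works because settings/auth.py forces `AUTH_OPENID` off whenever `AUTH_OIDC_RP` is on. A single derived flag computed once in settings (for example `AUTH_OPENID_ENABLED`, a constructed name) and passed through `get_context_data` in views/login.py would keep the template, the view and `get_source_choices` from drifting apart. The anchor markup inside this hunk was stripped in rendering, so the targets of the two branches are not visible here.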
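Review bot: The new defaults for the six `OIDC_RP_PROVIDER_*` keys point at `https://op-endpoint.com`, a public hostname the project does not control, whereas the old values were non-resolving placeholders. With `AUTH_OIDC_RP` defaulting to `False` they are inert, but an operator who flips that flag without also setting the endpoints would have the relying party send `OIDC_RP_CLIENT_SECRET` to that host's token URL and presumably accept whatever keys its JWKS URL serves. Prefer an RFC 2606 reserved name (for instance `https://oidc.example.com`, a constructed placeholder) or keep the old non-URL placeholders, and fail at startup when `AUTH_OIDC_RP` is true and any `OIDC_RP_PROVIDER_*` value still equals its default. The `Config` class continues outside the hunk.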
@@ -292,9 +293,6 @@ class DynamicConfig:
 return lambda: self.get(item)
 def LOGIN_URL(self):
- auth_openid = self.get('AUTH_OPENID')
- if auth_openid:
- return reverse_lazy("authentication:openid:openid-login")
 return self.get('LOGIN_URL')
 def AUTHENTICATION_BACKENDS(self):
diff --git a/apps/jumpserver/settings/auth.py b/apps/jumpserver/settings/auth.py
index 16fa3e54e..e46362638 100644
--- a/apps/jumpserver/settings/auth.py
+++ b/apps/jumpserver/settings/auth.py
@@ -59,6 +59,9 @@ AUTH_OPENID_LOGIN_COMPLETE_URL = reverse_lazy("authentication:openid:openid-logi
 # oidc rp
 # jumpserver
 AUTH_OIDC_RP = CONFIG.AUTH_OIDC_RP
+if AUTH_OIDC_RP:
+ # 优先使用AUTH_OIDC_RP
+ AUTH_OPENID = False
 OIDC_RP_LOGIN_URL_NAME = "authentication:oidc-rp:oidc-login"
 OIDC_RP_LOGIN_CALLBACK_URL_NAME = "authentication:oidc-rp:oidc-callback"
 OIDC_RP_LOGOUT_URL_NAME = "authentication:oidc-rp:oidc-logout"
diff --git a/apps/users/utils.py b/apps/users/utils.py
index 0729115b6..9488b5877 100644
--- a/apps/users/utils.py
+++ b/apps/users/utils.py
@@ -326,7 +326,7 @@ def get_source_choices():
 ]
 if settings.AUTH_LDAP:
 choices.append((User.SOURCE_LDAP, choices_all[User.SOURCE_LDAP]))
- if settings.AUTH_OPENID:
+ if settings.AUTH_OPENID or settings.AUTH_OIDC_RP:
 choices.append((User.SOURCE_OPENID, choices_all[User.SOURCE_OPENID]))
 if settings.AUTH_RADIUS:
 choices.append((User.SOURCE_RADIUS, choices_all[User.SOURCE_RADIUS]))
diff --git a/config_example.yml b/config_example.yml
index 5699f4ff0..cec3b7eb6 100644
--- a/config_example.yml
+++ b/config_example.yml
@@ -55,7 +55,11 @@ REDIS_PORT: 6379
 # REDIS_DB_CACHE: 4
 # Use OpenID authorization
-# 使用OpenID 来进行认证设置
+#
+# 配置说明: 如果您使用的是Keycloak作为OP,可以使用方式1或方式2; 如果OP不是Keycloak, 请使用方式2
+#
+# 方式1: OpenID认证 (基于 oidc 协议的 keycloak 的实现)
+#
 # BASE_SITE_URL: http://localhost:8080
 # AUTH_OPENID: false # True or False
 # AUTH_OPENID_SERVER_URL: https://openid-auth-server.com/
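Review bot: Removing the `AUTH_OPENID` branch from `LOGIN_URL` changes behaviour for existing OpenID deployments: unauthenticated requests now land on the configured `LOGIN_URL` (the local form with provider links) instead of being sent straight to `authentication:openid:openid-login`, and nothing in the hunk records that this is intended. A one-line comment above `def LOGIN_URL(self):` such as `# Provider logins are offered as links on the local login page; LOGIN_URL never redirects to a provider` would make the new contract explicit. If `reverse_lazy` has no remaining use in conf.py after this deletion, its import can be dropped as well. `DynamicConfig` continues outside the hunk on both sides.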
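Review bot: The new `if AUTH_OIDC_RP:` block silently flips `AUTH_OPENID` to `False`, so an operator who enabled both sees the Keycloak-style login vanish with no explanation; log a warning at this point when both flags are true, and make the comment English, e.g. `# AUTH_OIDC_RP takes precedence over AUTH_OPENID`. The override also only rebinds the settings-module name: `DynamicConfig` in conf.py reads flags through `self.get(...)` (as the removed `LOGIN_URL` code did), so if `AUTHENTICATION_BACKENDS` is built the same way the OpenID backend may still be registered when both flags are true — worth confirming. Likewise any setting computed from `AUTH_OPENID` earlier in this file would keep the pre-override value; whether one exists is not visible in the hunk.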
@@ -64,6 +68,19 @@ REDIS_PORT: 6379
 # AUTH_OPENID_CLIENT_SECRET: client-secret
 # AUTH_OPENID_IGNORE_SSL_VERIFICATION: True
 # AUTH_OPENID_SHARE_SESSION: True
+#
+# 方式2: OpenID认证 (使用标准 oidc 协议进行认证)
+# 配置参数详细信息参考: https://django-oidc-rp.readthedocs.io/en/stable/settings.html
+#
+# AUTH_OIDC_RP: False
+# OIDC_RP_CLIENT_ID: client-id
+# OIDC_RP_CLIENT_SECRET: client-secret
+# OIDC_RP_PROVIDER_ENDPOINT: https://op-endpoint.com
+# OIDC_RP_PROVIDER_AUTHORIZATION_ENDPOINT: https://op-endpoint.com/authorize
+# OIDC_RP_PROVIDER_TOKEN_ENDPOINT: https://op-endpoint.com/token
+# OIDC_RP_PROVIDER_JWKS_ENDPOINT: https://op-endpoint.com/jwk
+# OIDC_RP_PROVIDER_USERINFO_ENDPOINT: https://op-endpoint.com/userinfo
+# OIDC_RP_PROVIDER_END_SESSION_ENDPOINT: https://op-endpoint.com/logout
 # Use Radius authorization
 # 使用Radius来认证