diff --git a/topics/clients/oidc/confidential.adoc b/topics/clients/oidc/confidential.adoc
index 198328a6c2..8783a5433f 100644
--- a/topics/clients/oidc/confidential.adoc
+++ b/topics/clients/oidc/confidential.adoc
@@ -45,4 +45,7 @@ client changes it's keys, {{book.project.name}} will automatically download them
 If you use client secured by {{book.project.name}} adapter, you can configure the JWKS URL like https://myhost.com/myapp/k_jwks assuming that https://myhost.com/myapp is the
 root URL of your client application. See {{book.developerguide.link}}[{{book.developerguide.name}}] for additional details.
 
+WARNING: For the performance purposes, {{book.project.name}} caches the public keys of the OIDC clients. If you think that private key of your client
+was compromised, it is obviously good to update your keys, but it's also good to clear the keys cache. See <<fake/../../realms/cache.adoc#_clear-cache, Clearing the cache>>
+section for more details.
 
diff --git a/topics/identity-broker/oidc.adoc b/topics/identity-broker/oidc.adoc
index b89d0ab7f1..f7a4eec0be 100644
--- a/topics/identity-broker/oidc.adoc
+++ b/topics/identity-broker/oidc.adoc
@@ -53,6 +53,9 @@ You must define the OpenID Connection configuration options as well.  They basic
 |Validate Signatures
 |Another optional switch. This is to specify if {{book.project.name}} will verify the signatures on the external ID Token signed by this Identity provider. If this is on,
 the {{book.project.name}} will need to know the public key of the external OIDC identity provider. See below for how to setup it.
+WARNING: For the performance purposes, {{book.project.name}} caches the public key of the external OIDC identity provider. If you think that private key of your Identity provider
+was compromised, it is obviously good to update your keys, but it's also good to clear the keys cache. See
+<<fake/../../realms/cache.adoc#_clear-cache, Clearing the cache>> section for more details.
 
 |Use JWKS URL
 |Applicable just `Validate Signatures` is on. If the switch is on, then identity provider public keys  will be downloaded from given JWKS URL.
diff --git a/topics/realms/cache.adoc b/topics/realms/cache.adoc
index 31096ba147..ad01457215 100644
--- a/topics/realms/cache.adoc
+++ b/topics/realms/cache.adoc
@@ -1,9 +1,10 @@
-
+[[_clear-cache]]
 === Clearing Server Caches
 
 {{book.project.name}} will cache everything it can in memory within the limits of your JVM and/or the limits you've configured
 it for.  If the {{book.project.name}} database is modified by a third party (i.e. a DBA) outside the scope of the server's REST APIs or Admin Console
-there's a chance parts of the in-memory cache may be stale.  You can clear the realm and user caches from the Admin Console by going
+there's a chance parts of the in-memory cache may be stale.  You can clear the realm cache, user cache or cache of external public keys (Public keys of
+ external clients or Identity providers, which {{book.project.name}} usually uses for verify signatures of particular external entity) from the Admin Console by going
 to the `Realm Settings` left menu item and the `Cache` tab.
 
 .Keys tab