diff --git a/src/main/java/org/opensearch/security/action/onbehalf/CreateOnBehalfOfTokenAction.java b/src/main/java/org/opensearch/security/action/onbehalf/CreateOnBehalfOfTokenAction.java
index 4a9c1b5b80..7e276b9e48 100644
--- a/src/main/java/org/opensearch/security/action/onbehalf/CreateOnBehalfOfTokenAction.java
+++ b/src/main/java/org/opensearch/security/action/onbehalf/CreateOnBehalfOfTokenAction.java
@@ -110,7 +110,7 @@ public void accept(RestChannel channel) throws Exception {
                 try {
                     if (vendor == null) {
                         channel.sendResponse(
-                            new BytesRestResponse(RestStatus.SERVICE_UNAVAILABLE, "on_behalf_of configuration is not being configured")
+                            new BytesRestResponse(RestStatus.SERVICE_UNAVAILABLE, "on_behalf_of is either disabled or the configuration is invalid")
                         );
                         return;
                     }
diff --git a/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java b/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java
index 26c9a1fc62..fb894c5ffc 100644
--- a/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java
+++ b/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java
@@ -211,8 +211,8 @@ private AuthCredentials extractCredentials0(final RestRequest request) {
             }
 
             final String issuer = claims.getIssuer();
-            final String clusterID = OpenSearchSecurityPlugin.getClusterName().getClusterName().value();
-            if (!issuer.equals(clusterID)) {
+            final String clusterName = OpenSearchSecurityPlugin.getClusterName().getClusterName().value();
+            if (!issuer.equals(clusterName)) {
                 log.error("This issuer of this OBO does not match the current cluster identifier");
                 return null;
             }