There is an indefinite caching of key provider uri in dfsclient.
Relevant piece of code.
Once the key provider uri is set, it won't refresh the value even if the key provider uri on namenode is changed.
For long running clients like on oozie servers, this means we have to bounce all the oozie servers to get the change reflected.
After this change, the client will cache the value for an hour after which it will issue getServerDefaults call and will refresh the key provider uri.