From a63438c30e09bc9d27cd76b8bb2c91bfadbae924 Mon Sep 17 00:00:00 2001
From: Erik Jan de Wit <erikjan.dewit@gmail.com>
Date: Tue, 21 Mar 2023 11:38:27 +0100
Subject: [PATCH] Add missing fields when jwks is off (#19195)

---
 .../resources/en/identity-providers-help.json  |  2 ++
 .../resources/en/identity-providers.json       |  2 ++
 .../add/DiscoverySettings.tsx                  | 18 +++++++++++++++++-
 3 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/js/apps/admin-ui/public/resources/en/identity-providers-help.json b/js/apps/admin-ui/public/resources/en/identity-providers-help.json
index 243bbb1790..4d194b89cf 100644
--- a/js/apps/admin-ui/public/resources/en/identity-providers-help.json
+++ b/js/apps/admin-ui/public/resources/en/identity-providers-help.json
@@ -22,6 +22,8 @@
   "acceptsPromptNone": "This is just used together with Identity Provider Authenticator or when kc_idp_hint points to this identity provider. In case that client sends a request with prompt=none and user is not yet authenticated, the error will not be directly returned to client, but the request with prompt=none will be forwarded to this identity provider.",
   "validateSignature": "Enable/disable signature validation of external IDP signatures.",
   "useJwksUrl": "If the switch is on, identity provider public keys will be downloaded from given JWKS URL. This allows great flexibility because new keys will be always re-downloaded again when identity provider generates new keypair. If the switch is off, public key (or certificate) from the Keycloak DB is used, so when the identity provider keypair changes, you always need to import the new key to the Keycloak DB as well.",
+  "validatingPublicKey": "The public key in PEM format that must be used to verify external IDP signatures.",
+  "validatingPublicKeyId": "Explicit ID of the validating public key given above if the key ID. Leave blank if the key above should be used always, regardless of key ID specified by external IDP; set it if the key should only be used for verifying if the key ID from external IDP matches.",
   "jwksUrl": "URL where identity provider keys in JWK format are stored. See JWK specification for more details. If you use external Keycloak identity provider, you can use URL like 'http://broker-keycloak:8180/realms/test/protocol/openid-connect/certs' assuming your brokered Keycloak is running on 'http://broker-keycloak:8180' and its realm is 'test' .",
   "pkceEnabled": "Use PKCE (Proof of Key-code exchange) for IdP Brokering",
   "pkceMethod": "PKCE Method to use",
diff --git a/js/apps/admin-ui/public/resources/en/identity-providers.json b/js/apps/admin-ui/public/resources/en/identity-providers.json
index def230d405..e14fde52d0 100644
--- a/js/apps/admin-ui/public/resources/en/identity-providers.json
+++ b/js/apps/admin-ui/public/resources/en/identity-providers.json
@@ -122,6 +122,8 @@
   "acceptsPromptNone": "Accepts prompt=none forward from client",
   "validateSignature": "Validate Signatures",
   "useJwksUrl": "Use JWKS URL",
+  "validatingPublicKey": "Validating public key",
+  "validatingPublicKeyId": "Validating public key id",
   "jwksUrl": "JWKS URL",
   "pkceEnabled": "Use PKCE",
   "pkceMethod": "PKCE Method",
diff --git a/js/apps/admin-ui/src/identity-providers/add/DiscoverySettings.tsx b/js/apps/admin-ui/src/identity-providers/add/DiscoverySettings.tsx
index 23b17407bf..4e04252e8e 100644
--- a/js/apps/admin-ui/src/identity-providers/add/DiscoverySettings.tsx
+++ b/js/apps/admin-ui/src/identity-providers/add/DiscoverySettings.tsx
@@ -12,7 +12,9 @@ import { Controller, useFormContext, useWatch } from "react-hook-form";
 import { useTranslation } from "react-i18next";
 
 import { HelpItem } from "ui-shared";
+import { KeycloakTextArea } from "../../components/keycloak-text-area/KeycloakTextArea";
 import { KeycloakTextInput } from "../../components/keycloak-text-input/KeycloakTextInput";
+import { FormGroupField } from "../component/FormGroupField";
 import { SwitchField } from "../component/SwitchField";
 import { TextField } from "../component/TextField";
 
@@ -121,12 +123,26 @@ const Fields = ({ readOnly }: DiscoverySettingsProps) => {
             data-testid="useJwksUrl"
             isReadOnly={readOnly}
           />
-          {useJwks === "true" && (
+          {useJwks === "true" ? (
             <TextField
               field="config.jwksUrl"
               label="jwksUrl"
               isReadOnly={readOnly}
             />
+          ) : (
+            <>
+              <FormGroupField label="validatingPublicKey">
+                <KeycloakTextArea
+                  data-testid="validatingPublicKey"
+                  {...register("config.publicKeySignatureVerifier")}
+                />
+              </FormGroupField>
+              <TextField
+                field="config.publicKeySignatureVerifierKeyId"
+                label="validatingPublicKeyId"
+                isReadOnly={readOnly}
+              />
+            </>
           )}
         </>
       )}