Add missing fields when jwks is off (#19195)

This commit is contained in:
Erik Jan de Wit 2023-03-21 11:38:27 +01:00 committed by GitHub
parent 4f88e41fc7
commit a63438c30e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 21 additions and 1 deletions

View file

@ -22,6 +22,8 @@
"acceptsPromptNone": "This is just used together with Identity Provider Authenticator or when kc_idp_hint points to this identity provider. In case that client sends a request with prompt=none and user is not yet authenticated, the error will not be directly returned to client, but the request with prompt=none will be forwarded to this identity provider.", "acceptsPromptNone": "This is just used together with Identity Provider Authenticator or when kc_idp_hint points to this identity provider. In case that client sends a request with prompt=none and user is not yet authenticated, the error will not be directly returned to client, but the request with prompt=none will be forwarded to this identity provider.",
"validateSignature": "Enable/disable signature validation of external IDP signatures.", "validateSignature": "Enable/disable signature validation of external IDP signatures.",
"useJwksUrl": "If the switch is on, identity provider public keys will be downloaded from given JWKS URL. This allows great flexibility because new keys will be always re-downloaded again when identity provider generates new keypair. If the switch is off, public key (or certificate) from the Keycloak DB is used, so when the identity provider keypair changes, you always need to import the new key to the Keycloak DB as well.", "useJwksUrl": "If the switch is on, identity provider public keys will be downloaded from given JWKS URL. This allows great flexibility because new keys will be always re-downloaded again when identity provider generates new keypair. If the switch is off, public key (or certificate) from the Keycloak DB is used, so when the identity provider keypair changes, you always need to import the new key to the Keycloak DB as well.",
"validatingPublicKey": "The public key in PEM format that must be used to verify external IDP signatures.",
"validatingPublicKeyId": "Explicit ID of the validating public key given above if the key ID. Leave blank if the key above should be used always, regardless of key ID specified by external IDP; set it if the key should only be used for verifying if the key ID from external IDP matches.",
"jwksUrl": "URL where identity provider keys in JWK format are stored. See JWK specification for more details. If you use external Keycloak identity provider, you can use URL like 'http://broker-keycloak:8180/realms/test/protocol/openid-connect/certs' assuming your brokered Keycloak is running on 'http://broker-keycloak:8180' and its realm is 'test' .", "jwksUrl": "URL where identity provider keys in JWK format are stored. See JWK specification for more details. If you use external Keycloak identity provider, you can use URL like 'http://broker-keycloak:8180/realms/test/protocol/openid-connect/certs' assuming your brokered Keycloak is running on 'http://broker-keycloak:8180' and its realm is 'test' .",
"pkceEnabled": "Use PKCE (Proof of Key-code exchange) for IdP Brokering", "pkceEnabled": "Use PKCE (Proof of Key-code exchange) for IdP Brokering",
"pkceMethod": "PKCE Method to use", "pkceMethod": "PKCE Method to use",

View file

@ -122,6 +122,8 @@
"acceptsPromptNone": "Accepts prompt=none forward from client", "acceptsPromptNone": "Accepts prompt=none forward from client",
"validateSignature": "Validate Signatures", "validateSignature": "Validate Signatures",
"useJwksUrl": "Use JWKS URL", "useJwksUrl": "Use JWKS URL",
"validatingPublicKey": "Validating public key",
"validatingPublicKeyId": "Validating public key id",
"jwksUrl": "JWKS URL", "jwksUrl": "JWKS URL",
"pkceEnabled": "Use PKCE", "pkceEnabled": "Use PKCE",
"pkceMethod": "PKCE Method", "pkceMethod": "PKCE Method",

View file

@ -12,7 +12,9 @@ import { Controller, useFormContext, useWatch } from "react-hook-form";
import { useTranslation } from "react-i18next"; import { useTranslation } from "react-i18next";
import { HelpItem } from "ui-shared"; import { HelpItem } from "ui-shared";
import { KeycloakTextArea } from "../../components/keycloak-text-area/KeycloakTextArea";
import { KeycloakTextInput } from "../../components/keycloak-text-input/KeycloakTextInput"; import { KeycloakTextInput } from "../../components/keycloak-text-input/KeycloakTextInput";
import { FormGroupField } from "../component/FormGroupField";
import { SwitchField } from "../component/SwitchField"; import { SwitchField } from "../component/SwitchField";
import { TextField } from "../component/TextField"; import { TextField } from "../component/TextField";
@ -121,12 +123,26 @@ const Fields = ({ readOnly }: DiscoverySettingsProps) => {
data-testid="useJwksUrl" data-testid="useJwksUrl"
isReadOnly={readOnly} isReadOnly={readOnly}
/> />
{useJwks === "true" && ( {useJwks === "true" ? (
<TextField <TextField
field="config.jwksUrl" field="config.jwksUrl"
label="jwksUrl" label="jwksUrl"
isReadOnly={readOnly} isReadOnly={readOnly}
/> />
) : (
<>
<FormGroupField label="validatingPublicKey">
<KeycloakTextArea
data-testid="validatingPublicKey"
{...register("config.publicKeySignatureVerifier")}
/>
</FormGroupField>
<TextField
field="config.publicKeySignatureVerifierKeyId"
label="validatingPublicKeyId"
isReadOnly={readOnly}
/>
</>
)} )}
</> </>
)} )}