Add missing fields when jwks is off (#19195)

js/apps/admin-ui/public/resources/en/identity-providers-help.json

@@ -22,6 +22,8 @@
   "acceptsPromptNone": "This is just used together with Identity Provider Authenticator or when kc_idp_hint points to this identity provider. In case that client sends a request with prompt=none and user is not yet authenticated, the error will not be directly returned to client, but the request with prompt=none will be forwarded to this identity provider.",
   "validateSignature": "Enable/disable signature validation of external IDP signatures.",
   "useJwksUrl": "If the switch is on, identity provider public keys will be downloaded from given JWKS URL. This allows great flexibility because new keys will be always re-downloaded again when identity provider generates new keypair. If the switch is off, public key (or certificate) from the Keycloak DB is used, so when the identity provider keypair changes, you always need to import the new key to the Keycloak DB as well.",
+  "validatingPublicKey": "The public key in PEM format that must be used to verify external IDP signatures.",
+  "validatingPublicKeyId": "Explicit ID of the validating public key given above if the key ID. Leave blank if the key above should be used always, regardless of key ID specified by external IDP; set it if the key should only be used for verifying if the key ID from external IDP matches.",
   "jwksUrl": "URL where identity provider keys in JWK format are stored. See JWK specification for more details. If you use external Keycloak identity provider, you can use URL like 'http://broker-keycloak:8180/realms/test/protocol/openid-connect/certs' assuming your brokered Keycloak is running on 'http://broker-keycloak:8180' and its realm is 'test' .",
   "pkceEnabled": "Use PKCE (Proof of Key-code exchange) for IdP Brokering",
   "pkceMethod": "PKCE Method to use",

js/apps/admin-ui/public/resources/en/identity-providers.json

@@ -122,6 +122,8 @@
   "acceptsPromptNone": "Accepts prompt=none forward from client",
   "validateSignature": "Validate Signatures",
   "useJwksUrl": "Use JWKS URL",
+  "validatingPublicKey": "Validating public key",
+  "validatingPublicKeyId": "Validating public key id",
   "jwksUrl": "JWKS URL",
   "pkceEnabled": "Use PKCE",
   "pkceMethod": "PKCE Method",

js/apps/admin-ui/src/identity-providers/add/DiscoverySettings.tsx

@@ -12,7 +12,9 @@ import { Controller, useFormContext, useWatch } from "react-hook-form";
 import { useTranslation } from "react-i18next";
 
 import { HelpItem } from "ui-shared";
+import { KeycloakTextArea } from "../../components/keycloak-text-area/KeycloakTextArea";
 import { KeycloakTextInput } from "../../components/keycloak-text-input/KeycloakTextInput";
+import { FormGroupField } from "../component/FormGroupField";
 import { SwitchField } from "../component/SwitchField";
 import { TextField } from "../component/TextField";
 
@@ -121,12 +123,26 @@ const Fields = ({ readOnly }: DiscoverySettingsProps) => {
             data-testid="useJwksUrl"
             isReadOnly={readOnly}
           />
-          {useJwks === "true" && (
+          {useJwks === "true" ? (
             <TextField
               field="config.jwksUrl"
               label="jwksUrl"
               isReadOnly={readOnly}
             />
+          ) : (
+            <>
+              <FormGroupField label="validatingPublicKey">
+                <KeycloakTextArea
+                  data-testid="validatingPublicKey"
+                  {...register("config.publicKeySignatureVerifier")}
+                />
+              </FormGroupField>
+              <TextField
+                field="config.publicKeySignatureVerifierKeyId"
+                label="validatingPublicKeyId"
+                isReadOnly={readOnly}
+              />
+            </>
           )}
         </>
       )}