diff --git a/changelog/24697.txt b/changelog/24697.txt
new file mode 100644
index 0000000000..49492d19b2
--- /dev/null
+++ b/changelog/24697.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+ui: Fixes input for jwks_ca_pem when configuring a JWT auth method
+```
\ No newline at end of file
diff --git a/ui/app/models/auth-config/jwt.js b/ui/app/models/auth-config/jwt.js
index e432800c30..f675c29c9f 100644
--- a/ui/app/models/auth-config/jwt.js
+++ b/ui/app/models/auth-config/jwt.js
@@ -24,12 +24,31 @@ export default AuthConfig.extend({
 oidcClientSecret: attr('string', {
 label: 'OIDC client secret',
 }),
+
 oidcDiscoveryCaPem: attr('string', {
 label: 'OIDC discovery CA PEM',
 editType: 'file',
 helpText:
 'The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used',
 }),
+
+ jwksCaPem: attr('string', {
+ label: 'JWKS CA PEM',
+ editType: 'file',
+ }),
+
+ jwksUrl: attr('string', {
+ label: 'JWKS URL',
+ }),
+
+ oidcResponseMode: attr('string', {
+ label: 'OIDC response mode',
+ }),
+
+ oidcResponseTypes: attr('string', {
+ label: 'OIDC response types',
+ }),
+
 jwtValidationPubkeys: attr({
 label: 'JWT validation public keys',
 editType: 'stringArray',
@@ -38,14 +57,23 @@ export default AuthConfig.extend({
 jwtSupportedAlgs: attr({
 label: 'JWT supported algorithms',
 }),
+
 boundIssuer: attr('string', {
 helpText: 'The value against which to match the iss claim in a JWT',
 }),
+
 fieldGroups: computed('constructor.modelName', 'newFields', function () {
 const type = this.constructor.modelName.split('/')[1].toUpperCase();
 let groups = [
 {
- default: ['oidcDiscoveryUrl', 'defaultRole'],
+ default: [
+ 'oidcDiscoveryUrl',
+ 'defaultRole',
+ 'jwksCaPem',
+ 'jwksUrl',
+ 'oidcResponseMode',
+ 'oidcResponseTypes',
+ ],
 },
 {
 [`${type} Options`]: [
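Review bot: The new `jwksCaPem` attribute in the `@@ -24,12 +24,31 @@` hunk of ui/app/models/auth-config/jwt.js has no `helpText`, although it is the trust anchor for connections to the JWKS URL and the neighbouring `oidcDiscoveryCaPem` spells out both what it validates and what happens when it is left empty. I would add a matching line such as `helpText: 'The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used',` (this assumes the backend falls back to system certificates the same way it does for discovery; confirm before merging). Separately, `oidcResponseTypes` is declared `attr('string')` under a plural label; if the API accepts a list, `editType: 'stringArray'` as on `jwtValidationPubkeys` would be consistent. The `AuthConfig.extend({ ... })` object starts and ends outside the hunk.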
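Review bot: In the `@@ -38,14 +57,23 @@` hunk all four new names go into the `default` group, so `oidcResponseMode` and `oidcResponseTypes` are shown up front for whichever `type` is derived from `constructor.modelName`, and `jwksUrl` sits next to `oidcDiscoveryUrl` with nothing saying how the two relate. If this model backs both JWT and OIDC mounts (the `${type} Options` key suggests so), consider moving the OIDC-only fields into that options group. If the backend treats the key sources as alternatives, a comment such as `// key sources: set only one of oidcDiscoveryUrl, jwksUrl or jwtValidationPubkeys` above the array would help the next maintainer; confirm against the API first. `fieldGroups` continues past the end of the hunk.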