Skip to content

UI: Disable factors/methods not supported without root certificate #5145

@vitormattos

Description

@vitormattos

🐛 Problem

When the Certificate engine is set to “I will not use root certificate”, it is not possible to generate a temporary certificate for signing using methods like “Email token” or “Click to sign”, as these rely on a root certificate.

However, the interface still allows the selection of these incompatible options, which can lead to misconfigurations.

Below is a screenshot highlighting the options that should be disabled in this mode:

Image

✅ Expected behavior

When Certificate engine is set to “I will not use root certificate”, the UI should:

  • Choose the signature method "Certificate with password"
  • Disable the Email identification method
  • Disable the entire Identification factors section
  • Persist these choices on the server side
  • Show a dialog explaining why Identification factors are disabled, if the admin clicks on it

💡 Additional notes

When submitting a pull request, please include a short demo video showing the interface behavior and paste the video in the PR description.

This issue is open for contributors. If you'd like to help, feel free to leave a comment or start a draft PR!

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    Status

    0. Needs triage

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions