UI: Disable factors/methods not supported without root certificate #5145
Description
🐛 Problem
When the Certificate engine is set to “I will not use root certificate”, it is not possible to generate a temporary certificate for signing using methods like “Email token” or “Click to sign”, as these rely on a root certificate.
However, the interface still allows the selection of these incompatible options, which can lead to misconfigurations.
Below is a screenshot highlighting the options that should be disabled in this mode:
✅ Expected behavior
When Certificate engine is set to “I will not use root certificate”, the UI should:
- Choose the signature method "Certificate with password"
- Disable the Email identification method
- Disable the entire Identification factors section
- Persist these choices on the server side
- Show a dialog explaining why Identification factors are disabled, if the admin clicks on it
💡 Additional notes
When submitting a pull request, please include a short demo video showing the interface behavior and paste the video in the PR description.
This issue is open for contributors. If you'd like to help, feel free to leave a comment or start a draft PR!