/**
 * Verifies broker login behaviour when the identity provider validates token signatures against
 * a public key stored in its own config ({@code useJwksUrl=false}) instead of a JWKS URL.
 *
 * <p>Login is expected to succeed while the pinned key matches the provider realm's active key,
 * and to fail with the generic broker error page after the provider realm's keys are rotated,
 * both immediately and after the time offset is advanced.
 */
@Test
  public void testSignatureVerificationHardcodedPublicKey() throws Exception {
    final String brokerError = "Unexpected error when authenticating with identity provider";

    // Signature validation on, JWKS URL off: the verifier key is copied into the IdP config
    // from the provider realm's currently active key.
    IdentityProviderRepresentation provider = getIdentityProvider();
    OIDCIdentityProviderConfigRep oidcConfig = new OIDCIdentityProviderConfigRep(provider);
    oidcConfig.setValidateSignature(true);
    oidcConfig.setUseJwksUrl(false);
    oidcConfig.setPublicKeySignatureVerifier(
        ApiUtil.findActiveKey(providerRealm()).getPublicKey());
    updateIdentityProvider(provider);

    // Baseline: with the pinned key still matching, the first brokered login succeeds.
    logInAsUserInIDPForFirstTime();
    assertLoggedInAccountManagement();
    logoutFromRealm(bc.consumerRealmName());

    // Rotate the keys on the parent broker; the config above still holds the old public key.
    rotateKeys();

    // Login must now be rejected with the broker error page.
    logInAsUserInIDP();
    assertErrorPage(brokerError);
    logoutFromRealm(bc.consumerRealmName());

    // Moving the clock forward changes nothing: the JWKS URL is disabled, so the provider
    // config keeps verifying against the old hardcoded key and login stays rejected.
    setTimeOffset(20);
    logInAsUserInIDP();
    assertErrorPage(brokerError);
  }
 /**
  * Looks up the provider id of the key that the {@code DEMO} realm's key metadata lists as the
  * active RSA key.
  *
  * @return the provider id of the first key whose kid equals the active RSA kid, or
  *     {@code null} when no key in the metadata matches
  */
 private String getActiveKeyProvider() {
   KeysMetadataRepresentation metadata = adminClient.realm(DEMO).keys().getKeyMetadata();
   String activeRsaKid = metadata.getActive().get(AlgorithmType.RSA.name());

   String providerId = null;
   for (KeysMetadataRepresentation.KeyMetadataRepresentation candidate : metadata.getKeys()) {
     if (!candidate.getKid().equals(activeRsaKid)) {
       continue;
     }
     // First match wins; remaining keys are not inspected.
     providerId = candidate.getProviderId();
     break;
   }
   return providerId;
 }