FusionAuth
    Best posts made by whuysentruit

    • Restrict issuer when using "External JWT" identity provider

      The "External JWT" identity provider allows us to authenticate against an application using an external JWT. As far as I can see, the only way to allow/disallow external JWTs on this "External JWT" identity provider is whether or not the kid is known in the Key Master configuration.

      I can't seem to find a way to restrict a certain external issuer to a certain "External JWT" identity provider which is problematic if we have multiple applications with different relying-parties.

      For example:

      "External JWT IdP A" is linked to "Application A"
      "External JWT IdP B" is linked to "Application B"
      On "Application A" we want to allow external JWTs of Issuer 1, with kid X.
      On "Application B" we want to allow external JWTs of Issuer 2, with kid Y.

      But since both kids are known in Key Master, both External JWT IdPs will accept any JWT; it doesn't matter whether it's kid X or Y. Is there a way to restrict this (e.g. link a specific signing key to a specific external IdP, or validate the iss field in the external JWT)? Currently this is a major security issue for us.

      posted in Q&A
      whuysentruit
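The check the post is asking for, as an added example that is not part of the original post and not FusionAuth's own code: a per-application policy that binds each "External JWT IdP" to one allowed issuer and one allowed kid, shown beside a kid-only check that accepts any token whose kid is in the key store. Key names, secrets, issuer URLs and application names are constructed sample data; HS256 is used only so the example runs with the standard library.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample data: a kid -> signing secret store standing in for Key Master.
KEY_STORE = {"kid-X": b"secret-for-issuer-1", "kid-Y": b"secret-for-issuer-2"}

# Per-application policy (hypothetical): which issuer and which kids each
# "External JWT IdP" may accept. This is the restriction the post asks for.
APP_POLICY = {
    "Application A": {"iss": "https://issuer1.example", "kids": {"kid-X"}},
    "Application B": {"iss": "https://issuer2.example", "kids": {"kid-Y"}},
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_hs256(kid: str, claims: dict) -> str:
    """Mint a compact JWT for the sample data (stands in for the external issuer)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT", "kid": kid}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(KEY_STORE[kid], f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_by_kid_only(token: str):
    """Kid-only check: any token whose kid is in the key store is accepted."""
    h, p, s = token.split(".")
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256":          # pin the algorithm, never trust "alg" alone
        return None
    key = KEY_STORE.get(header.get("kid"))
    if key is None:
        return None
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        return None
    return json.loads(_b64url_decode(p))


def verify_for_application(token: str, app: str):
    """Policy-aware check: kid allowed for this app, signature valid, and iss matches."""
    kid = json.loads(_b64url_decode(token.split(".")[0])).get("kid")
    policy = APP_POLICY[app]
    if kid not in policy["kids"]:
        return None
    claims = verify_by_kid_only(token)
    if claims is None or claims.get("iss") != policy["iss"]:
        return None
    return claims
```

With the kid-only check, a token from Issuer 2 is accepted at Application A; with the per-application policy it is rejected, and a token that carries the right iss but the wrong kid is rejected as well.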