GluuFederation · moabu · Jul 25, 2024 · Jul 25, 2024
@@ -6,7 +6,7 @@ FROM alpine:3.19
 
 RUN apk update \
     && apk upgrade --available \
-    && apk add --no-cache tini openssl python3 py3-cryptography py3-psycopg2 nginx py3-grpcio \
+    && apk add --no-cache tini openssl python3 py3-cryptography py3-psycopg2 nginx py3-grpcio curl \
     && apk add --no-cache --virtual .build-deps git
 
 # =====
@@ -44,7 +44,7 @@ RUN cd /tmp/jans \
     && cp ${JANS_SETUP_DIR}/schema/custom_schema.json /app/schema/ \
     && cp ${JANS_SETUP_DIR}/schema/opendj_types.json /app/schema/
 
-ENV FLEX_SOURCE_VERSION=a53727328019d8dba3c3c3daf01c5d4af0ad8b0e
+ENV FLEX_SOURCE_VERSION=3e17a7e152a5e527c4da4331b580c99e7c3a6692
 
 RUN mkdir -p /app/templates/admin-ui
 

@@ -54,7 +54,9 @@ The following environment variables are supported by the container:
 - `CN_GOOGLE_SECRET_VERSION_ID`: Janssen secret version ID in Google Secret Manager. Defaults to `latest`, which is recommended.
 - `CN_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Janssen secret in Google Secret Manager. Defaults to `jans`. If left `jans-secret` secret will be created.
 - `CN_GOOGLE_SECRET_MANAGER_PASSPHRASE`: Passphrase for Janssen secret in Google Secret Manager. This is recommended to be changed and defaults to `secret`.
-- `CN_TOKEN_SERVER_BASE_HOSTNAME`: Hostname of token server (default to `localhost`).
+- `CN_AUTH_BASE_URL`: Base URL of auth server (default to empty).
+- `CN_CONFIG_API_BASE_URL`: Base URL of config-api server (default to empty).
+- `CN_TOKEN_SERVER_BASE_URL`: Base URL of token server (default to empty).
 - `CN_TOKEN_SERVER_AUTHZ_ENDPOINT`: Authorization endpoint at token server (default to `/jans-auth/authorize.htm`).
 - `CN_TOKEN_SERVER_TOKEN_ENDPOINT`: Token endpoint at token server (default to `/jans-auth/restv1/token`).
 - `CN_TOKEN_SERVER_INTROSPECTION_ENDPOINT`: Introspection endpoint at token server (default to `/jans-auth/restv1/introspection`).

@@ -62,7 +62,8 @@ def __init__(self, manager):
         self.client = client_cls(manager)
 
     def get_token_server_ctx(self):
-        hostname = os.environ.get("CN_TOKEN_SERVER_BASE_HOSTNAME") or self.manager.config.get("hostname")
+        hostname = self.manager.config.get("hostname")
+        base_url = os.environ.get("CN_TOKEN_SERVER_BASE_URL") or f"https://{hostname}"
         authz_endpoint = os.environ.get("CN_TOKEN_SERVER_AUTHZ_ENDPOINT") or "/jans-auth/restv1/authorize"
         token_endpoint = os.environ.get("CN_TOKEN_SERVER_TOKEN_ENDPOINT") or "/jans-auth/restv1/token"
         introspection_endpoint = os.environ.get("CN_TOKEN_SERVER_INTROSPECTION_ENDPOINT") or "/jans-auth/restv1/introspection"
@@ -75,19 +76,22 @@ def get_token_server_ctx(self):
         return {
             "token_server_admin_ui_client_id": os.environ.get("CN_TOKEN_SERVER_CLIENT_ID") or self.manager.config.get("token_server_admin_ui_client_id"),
             "token_server_admin_ui_client_pw": read_from_file(pw_file),
-            "token_server_authz_url": f"https://{hostname}{authz_endpoint}",
-            "token_server_token_url": f"https://{hostname}{token_endpoint}",
-            "token_server_introspection_url": f"https://{hostname}{introspection_endpoint}",
-            "token_server_userinfo_url": f"https://{hostname}{userinfo_endpoint}",
+            "token_server_base_url": base_url,
+            "token_server_authz_url": f"{base_url}{authz_endpoint}",
+            "token_server_token_url": f"{base_url}{token_endpoint}",
+            "token_server_introspection_url": f"{base_url}{introspection_endpoint}",
+            "token_server_userinfo_url": f"{base_url}{userinfo_endpoint}",
         }
 
     @cached_property
     def ctx(self):
         salt = self.manager.secret.get("encoded_salt")
+        hostname = self.manager.config.get("hostname")
 
         ctx = {
-            "hostname": self.manager.config.get("hostname"),
+            "hostname": hostname,
             "adminui_authentication_mode": os.environ.get("GLUU_ADMIN_UI_AUTH_METHOD", "basic"),
+            "jans_auth_base_url": os.environ.get("CN_AUTH_BASE_URL", f"https://{hostname}"),
         }
 
         # admin-ui client for auth server
@@ -289,14 +293,20 @@ def resolve_conf_app(old_conf, new_conf):
             old_conf["oidcConfig"]["auiWebClient"]["additionalParameters"] = []
             should_update = True
 
+        # changes to auiBackendApiClient endpoints
+        for endpoint in ["tokenEndpoint", "introspectionEndpoint"]:
+            if old_conf["oidcConfig"]["auiBackendApiClient"][endpoint] != new_conf["oidcConfig"]["auiBackendApiClient"][endpoint]:
+                old_conf["oidcConfig"]["auiBackendApiClient"][endpoint] = new_conf["oidcConfig"]["auiBackendApiClient"][endpoint]
+                should_update = True
+
     # finalized status and conf
     return should_update, old_conf
 
 
 def render_env_config(manager):
     hostname = manager.config.get("hostname")
     ctx = {
-        "hostname": hostname,
+        "config_api_base_url": os.environ.get("CN_CONFIG_API_BASE_URL", f"https://{hostname}"),
     }
 
     with open("/app/templates/admin-ui/env-config.js") as fr:

@@ -1,7 +1,7 @@
 {
     "oidcConfig": {
         "auiWebClient": {
-            "opHost": "https://%(hostname)s",
+            "opHost": "%(jans_auth_base_url)s",
             "clientId": "%(admin_ui_client_id)s",
             "clientSecret": "%(admin_ui_client_encoded_pw)s",
             "scopes": [
@@ -19,7 +19,7 @@
             "additionalParameters": []
         },
         "auiBackendApiClient": {
-            "opHost": "https://%(hostname)s",
+            "opHost": "%(token_server_base_url)s",
             "clientId": "%(token_server_admin_ui_client_id)s",
             "clientSecret": "%(token_server_admin_ui_client_encoded_pw)s",
             "tokenEndpoint": "%(token_server_token_url)s",

@@ -1,5 +1,5 @@
-const CONFIG_API_BASE_URL = "https://%(hostname)s/jans-config-api"
-const API_BASE_URL = "https://%(hostname)s/jans-config-api/admin-ui"
+const CONFIG_API_BASE_URL = "%(config_api_base_url)s/jans-config-api"
+const API_BASE_URL = "%(config_api_base_url)s/jans-config-api/admin-ui"
 
 window.configApiBaseUrl = CONFIG_API_BASE_URL
 window.apiBaseUrl = API_BASE_URL