Accept externally generated JWTs provided via cookie

If there is an external service like an AuthAPI that can generate JWTs and hand them over to ClusterCockpit via cookies, CC can be configured to accept them
2025-07-22 12:41:39 +02:00 · 2022-10-19 13:36:13 +02:00
parent 7814a184a1
commit f817ac5240
8 changed files with 283 additions and 7 deletions
--- a/configs/config.json
+++ b/configs/config.json
@@ -29,5 +29,11 @@
                "startTime": { "from": "2022-01-01T00:00:00Z", "to": null }
            }
        }
-    ]
+    ],
+    "jwts": {
+        "cookieName": "",
+        "forceJWTValidationViaDatabase": false,
+        "max-age": 0,
+        "trustedExternalIssuer": ""
+    }
 }
--- a/configs/env-template.txt
+++ b/configs/env-template.txt
@@ -3,6 +3,10 @@
 JWT_PUBLIC_KEY="kzfYrYy+TzpanWZHJ5qSdMj5uKUWgq74BWhQG6copP0="
 JWT_PRIVATE_KEY="dtPC/6dWJFKZK7KZ78CvWuynylOmjBFyMsUWArwmodOTN9itjL5POlqdZkcnmpJ0yPm4pRaCrvgFaFAbpyik/Q=="

+# Base64 encoded Ed25519 public key for accepting externally generated JWTs
+# Keys in PEM format can be converted, see `tools/convert-pem-pubkey-for-cc/Readme.md`
+CROSS_LOGIN_JWT_PUBLIC_KEY=""
+
 # Some random bytes used as secret for cookie-based sessions (DO NOT USE THIS ONE IN PRODUCTION)
 SESSION_KEY="67d829bf61dc5f87a73fd814e2c9f629"