Accept externally generated JWTs provided via cookie

If there is an external service like an AuthAPI that can generate JWTs and
  hand them over to ClusterCockpit via cookies, CC can be configured to
  accept them

pkg/schema/config.go

@@ -23,6 +23,16 @@ type JWTAuthConfig struct {
 	// Specifies for how long a session or JWT shall be valid
 	// as a string parsable by time.ParseDuration().
 	MaxAge int64 `json:"max-age"`
+
+	// Specifies which cookie should be checked for a JWT token (if no authorization header is present)
+	CookieName string `json:"cookieName"`
+
+	// Deny login for users not in database (but defined in JWT).
+	// Ignore user roles defined in JWTs ('roles' claim), get them from db.
+	ForceJWTValidationViaDatabase bool `json:"forceJWTValidationViaDatabase"`
+
+	// Specifies which issuer should be accepted when validating external JWTs ('iss' claim)
+	TrustedExternalIssuer string `json:"trustedExternalIssuer"`
 }
 
 type IntRange struct {