feat(image): add authentication method selection for admin-ui image (#…

…540)

docker-admin-ui/README.md

@@ -82,6 +82,7 @@ The following environment variables are supported by the container:
 - `CN_GOOGLE_SPANNER_INSTANCE_ID`: Google Spanner instance ID.
 - `CN_GOOGLE_SPANNER_DATABASE_ID`: Google Spanner database ID.
 - `GLUU_ADMIN_UI_PLUGINS`: Comma-separated additional plugins to be enabled (default to empty string). See [Adding plugins](#adding-plugins) for details.
+- `GLUU_ADMIN_UI_AUTH_METHOD`: Authentication method for admin-ui (one of `basic` or `casa`; default to `basic`). Note, changing the value require restart to jans-config-api.
 
 ### Hybrid mapping
 

docker-admin-ui/scripts/bootstrap.py

@@ -115,6 +115,7 @@ def ctx(self):
 
         ctx = {
             "hostname": self.manager.config.get("hostname"),
+            "admin_ui_auth_method": os.environ.get("GLUU_ADMIN_UI_AUTH_METHOD", "basic"),
         }
 
         # admin-ui client for auth server

docker-admin-ui/scripts/wait.py

@@ -24,6 +24,10 @@ def main():
         sql_dialect = os.environ.get("CN_SQL_DB_DIALECT", "mysql")
         validate_persistence_sql_dialect(sql_dialect)
 
+    auth_method = os.environ.get("GLUU_ADMIN_UI_AUTH_METHOD", "basic")
+    if auth_method not in ("basic", "casa"):
+        raise ValueError(f"Unsupported authentication method {auth_method}")
+
     manager = get_manager()
     deps = ["config", "secret"]
     wait_for(manager, deps)

docker-admin-ui/templates/auiConfiguration.properties.tmpl

@@ -3,7 +3,7 @@ authserver.clientId=%(admin_ui_client_id)s
 authserver.clientSecret=%(admin_ui_client_pw)s
 authserver.authzBaseUrl=https://%(hostname)s/jans-auth/restv1/authorize
 authserver.scope=openid+profile+email+user_name
-authserver.acrValues=basic
+authserver.acrValues=%(admin_ui_auth_method)s
 authserver.redirectUrl=https://%(hostname)s/admin
 authserver.frontChannelLogoutUrl=https://%(hostname)s/admin/logout
 authserver.postLogoutRedirectUri=https://%(hostname)s/admin