Merge branch 'main' into issue_8901

JanssenProject · Aug 5, 2024 · 8ec7fce · 8ec7fce
2 parents 7c6f886 + e157cd4
commit 8ec7fce
Show file tree

Hide file tree

Showing 171 changed files with 5,564 additions and 2,010 deletions.
diff --git a/.github/workflows/documenation_check.yml b/.github/workflows/documenation_check.yml
@@ -41,7 +41,7 @@ jobs:
         run: |
           PULL_NUMBER=${{ github.event.pull_request.number }}
           echo "Parsing commits from PR $PULL_NUMBER"
-          MESSAGE=$(gh pr view "$PULL_NUMBER" --json commits | jq '.' | grep "messageHeadline" | cut -d: -f2- | grep "^docs" || echo "")
+          MESSAGE=$(gh pr view "$PULL_NUMBER" --json commits | jq -r '.commits[].messageHeadline' | grep "^docs" || echo "")
           echo "$MESSAGE"
           if [[ -z "$MESSAGE" ]]; then
             echo "conventional commit starting with docs: does not exist. Checking if user confirmed no impact on docs in PR body"

diff --git a/.github/workflows/test_docker_linux_installer.yml b/.github/workflows/test_docker_linux_installer.yml
@@ -21,7 +21,7 @@ jobs:
       max-parallel: 6
       matrix:
         # add '"pgsql" when supported
-        persistence-backends: ["MYSQL", "PGSQL", "LDAP"]
+        persistence-backends: ["MYSQL", "PGSQL", "LDAP", "COUCHBASE", "SPANNER"]
         python-version: ["3.7"]
       fail-fast: false
     steps:

diff --git a/automation/startjanssenmonolithdemo.sh b/automation/startjanssenmonolithdemo.sh
@@ -12,7 +12,7 @@ if [[ ! "$JANS_FQDN" ]]; then
   read -rp "Enter Hostname [demoexample.jans.io]:                           " JANS_FQDN
 fi
 if [[ ! "$JANS_PERSISTENCE" ]]; then
-  read -rp "Enter persistence type [LDAP|MYSQL|PGSQL]:                            " JANS_PERSISTENCE
+  read -rp "Enter persistence type [LDAP|MYSQL|PGSQL|COUCHBASE[TEST]|SPANNER[TEST]]:                            " JANS_PERSISTENCE
 fi
 
 if [[ -z $EXT_IP ]]; then
@@ -72,12 +72,15 @@ if [[ "$JANS_BUILD_COMMIT" ]]; then
   python3 -c "from pathlib import Path ; import ruamel.yaml ; compose = Path('/tmp/jans/docker-jans-monolith/jans-mysql-compose.yml') ; yaml = ruamel.yaml.YAML() ; data = yaml.load(compose) ; data['services']['jans']['build'] = '.' ; del data['services']['jans']['image'] ; yaml.dump(data, compose)"
   python3 -c "from pathlib import Path ; import ruamel.yaml ; compose = Path('/tmp/jans/docker-jans-monolith/jans-postgres-compose.yml') ; yaml = ruamel.yaml.YAML() ; data = yaml.load(compose) ; data['services']['jans']['build'] = '.' ; del data['services']['jans']['image'] ; yaml.dump(data, compose)"
   python3 -c "from pathlib import Path ; import ruamel.yaml ; compose = Path('/tmp/jans/docker-jans-monolith/jans-ldap-compose.yml') ; yaml = ruamel.yaml.YAML() ; data = yaml.load(compose) ; data['services']['jans']['build'] = '.' ; del data['services']['jans']['image'] ; yaml.dump(data, compose)"
+  python3 -c "from pathlib import Path ; import ruamel.yaml ; compose = Path('/tmp/jans/docker-jans-monolith/jans-couchbase-compose.yml') ; yaml = ruamel.yaml.YAML() ; data = yaml.load(compose) ; data['services']['jans']['build'] = '.' ; del data['services']['jans']['image'] ; yaml.dump(data, compose)"
+  python3 -c "from pathlib import Path ; import ruamel.yaml ; compose = Path('/tmp/jans/docker-jans-monolith/jans-spanner-compose.yml') ; yaml = ruamel.yaml.YAML() ; data = yaml.load(compose) ; data['services']['jans']['build'] = '.' ; del data['services']['jans']['image'] ; yaml.dump(data, compose)"
 fi
 # --
 if [[ "$IS_FQDN_REGISTERED" ]]; then
   python3 -c "from dockerfile_parse import DockerfileParser ; dfparser = DockerfileParser('/tmp/jans/docker-jans-monolith') ; dfparser.envs['IS_FQDN_REGISTERED'] = 'true'"
 fi
-if [[ "$RUN_TESTS" ]]; then
+if [[ "$RUN_TESTS" == "true" ]]; then
+  echo "Activating RUN_TEST ENV.."
   python3 -c "from dockerfile_parse import DockerfileParser ; dfparser = DockerfileParser('/tmp/jans/docker-jans-monolith') ; dfparser.envs['RUN_TESTS'] = 'true'"
 fi
 if [[ $JANS_PERSISTENCE == "MYSQL" ]]; then
@@ -86,6 +89,10 @@ elif [[ $JANS_PERSISTENCE == "PGSQL" ]]; then
   bash /tmp/jans/docker-jans-monolith/up.sh postgres
 elif [[ $JANS_PERSISTENCE == "LDAP" ]]; then
   bash /tmp/jans/docker-jans-monolith/up.sh ldap
+elif [[ $JANS_PERSISTENCE == "COUCHBASE" ]]; then
+  bash /tmp/jans/docker-jans-monolith/up.sh couchbase
+elif [[ $JANS_PERSISTENCE == "SPANNER" ]]; then
+  bash /tmp/jans/docker-jans-monolith/up.sh spanner
 fi  
 echo "$EXT_IP $JANS_FQDN" | sudo tee -a /etc/hosts > /dev/null
 jans_status="unhealthy"
@@ -119,9 +126,13 @@ docker exec docker-jans-monolith-jans-1 curl -f -k https://localhost/.well-known
 echo -e "Testing fido2-configuration endpoint.. \n"
 docker exec docker-jans-monolith-jans-1 curl -f -k https://localhost/.well-known/fido2-configuration
 mkdir -p /tmp/reports || echo "reports folder exists"
-while ! docker exec docker-jans-monolith-jans-1 test -f "/tmp/httpd.crt"; do
+end=$((SECONDS+180))
+while [ $SECONDS -lt $end ]; do
   echo "Waiting for the container to run java test preparations"
-  sleep 5
+  if docker exec docker-jans-monolith-jans-1 test -f "/tmp/httpd.crt"; then
+    break
+  fi
+  sleep 10
 done
 echo -e "Running build.. \n"
 docker exec -w /tmp/jans/jans-auth-server docker-jans-monolith-jans-1 mvn -Dcfg="$JANS_FQDN" -Dmaven.test.skip=true -fae clean compile install
@@ -134,7 +145,9 @@ docker cp docker-jans-monolith-jans-1:/tmp/jans/jans-auth-server/test-model/targ
 docker cp docker-jans-monolith-jans-1:/tmp/jans/jans-auth-server/model/target/surefire-reports/testng-results.xml /tmp/reports/$JANS_PERSISTENCE-jans-auth-model-testng-results.xml
 
 EOF
-sudo bash testendpoints.sh
+if [[ "$RUN_TESTS" == "true" ]]; then
+  sudo bash testendpoints.sh
+fi
 echo -e "You may re-execute bash testendpoints.sh to do a quick test to check the configuration endpoints."
 echo -e "Add the following record to your local computers' hosts file to engage with the services $EXT_IP $JANS_FQDN"
 echo -e "To stop run:"

diff --git a/charts/janssen-all-in-one/templates/_helpers.tpl b/charts/janssen-all-in-one/templates/_helpers.tpl
@@ -81,15 +81,6 @@ Create optional scopes list
 {{ if eq .Values.cnPersistenceType "sql" }}
 {{ $newList = append $newList ("sql" | quote) }}
 {{- end }}
-{{- if .Values.fido2.enabled}}
-{{ $newList = append $newList ("fido2" | quote) }}
-{{- end}}
-{{- if .Values.casa.enabled}}
-{{ $newList = append $newList ("casa" | quote) }}
-{{- end}}
-{{- if .Values.scim.enabled}}
-{{ $newList = append $newList ("scim" | quote) }}
-{{- end}}
 {{ toJson $newList }}
 {{- end }}
 

diff --git a/charts/janssen-all-in-one/templates/deployment.yml b/charts/janssen-all-in-one/templates/deployment.yml
@@ -111,9 +111,9 @@ spec:
             mountPath: /etc/certs/vault_secret_id
             subPath: vault_secret_id
         {{- end }}
-          - mountPath: /opt/jans/configurator/db/generate.json
+          - mountPath: /opt/jans/configurator/db/configuration.json
             name: {{ include "janssen-all-in-one.name" . }}-mount-gen-file
-            subPath: generate.json
+            subPath: configuration.json
           - mountPath: /scripts/tls_generator.py
             name: {{ include "janssen-all-in-one.name" . }}-tls-script
             subPath: tls_generator.py

diff --git a/charts/janssen-all-in-one/templates/secret.yaml b/charts/janssen-all-in-one/templates/secret.yaml
@@ -15,29 +15,33 @@ metadata:
 {{- end }}
 type: Opaque
 stringData:
-  generate.json: |-
+  configuration.json: |-
     {
-      "hostname": {{ .Values.fqdn | quote }},
-      "country_code": {{ .Values.countryCode | quote }},
-      "state": {{ .Values.state | quote }},
-      "city": {{ .Values.city | quote }},
-      "admin_pw": {{ .Values.adminPassword | quote }},
-      "ldap_pw": {{ .Values.adminPassword | quote }},
-      "redis_pw": {{ .Values.redisPassword | quote }},
-      "email": {{ .Values.email | quote }},
-      "org_name": {{ .Values.orgName | quote }},
-      {{ if eq .Values.cnPersistenceType "sql" }}
-      "sql_pw": {{ .Values.configmap.cnSqldbUserPassword | quote }},
-      {{- end }}
-      {{ if or ( eq .Values.cnPersistenceType "couchbase" ) ( eq .Values.cnPersistenceType "hybrid" ) }}
-      "couchbase_pw": {{ .Values.configmap.cnCouchbasePassword | quote }},
-      "couchbase_superuser_pw": {{ .Values.configmap.cnCouchbaseSuperUserPassword | quote }},
-      {{- end }}
-      "auth_sig_keys": {{ index .Values "auth-server" "authSigKeys" | quote }},
-      "auth_enc_keys": {{ index .Values "auth-server" "authEncKeys" | quote }},
-      "optional_scopes": {{ list (include "janssen-all-in-one.optionalScopes" . | fromJsonArray | join ",") }},
-      "salt": {{ .Values.salt | quote }},
-      "init_keys_exp": {{ index .Values "auth-server-key-rotation" "initKeysLife" }}
+      "_configmap": {
+        "hostname": {{ .Values.fqdn | quote }},
+        "country_code": {{ .Values.countryCode | quote }},
+        "state": {{ .Values.state | quote }},
+        "city": {{ .Values.city | quote }},
+        "admin_email": {{ .Values.email | quote }},
+        "orgName": {{ .Values.orgName | quote }},
+        "auth_sig_keys": {{ index .Values "auth-server" "authSigKeys" | quote }},
+        "auth_enc_keys": {{ index .Values "auth-server" "authEncKeys" | quote }},
+        "optional_scopes": {{ list (include "janssen-all-in-one.optionalScopes" . | fromJsonArray | join ",") | quote }},
+        "init_keys_exp": {{ index .Values "auth-server-key-rotation" "initKeysLife" }}
+      },
+      "_secret": {
+        "admin_password": {{ .Values.adminPassword | quote }},
+        "ldap_password": {{ .Values.adminPassword | quote }},
+        "redis_password": {{ .Values.redisPassword | quote }},
+        {{ if eq .Values.cnPersistenceType "sql" }}
+        "sql_password": {{ .Values.configmap.cnSqldbUserPassword | quote }},
+        {{- end }}
+        {{ if or ( eq .Values.cnPersistenceType "couchbase" ) ( eq .Values.cnPersistenceType "hybrid" ) }}
+        "couchbase_password": {{ .Values.configmap.cnCouchbasePassword | quote }},
+        "couchbase_superuser_password": {{ .Values.configmap.cnCouchbaseSuperUserPassword | quote }},
+        {{- end }}
+        "encoded_salt": {{ .Values.salt | quote }}
+      }
     }
 
 {{ if or ( eq .Values.cnPersistenceType "couchbase" ) ( eq .Values.cnPersistenceType "hybrid" ) }}

diff --git a/charts/janssen/charts/auth-server/templates/deployment.yml b/charts/janssen/charts/auth-server/templates/deployment.yml
@@ -48,8 +48,8 @@ spec:
         env:
           - name: CN_AUTH_JAVA_OPTIONS
             value: {{ include "auth-server.customJavaOptions" . | trim }}
-          {{- include "auth-server.usr-envs" . | indent 12 }}
-          {{- include "auth-server.usr-secret-envs" . | indent 12 }}
+          {{- include "auth-server.usr-envs" . | indent 10 }}
+          {{- include "auth-server.usr-secret-envs" . | indent 10 }}
         securityContext:
           runAsUser: 1000
           runAsNonRoot: true

diff --git a/charts/janssen/charts/config/templates/_helpers.tpl b/charts/janssen/charts/config/templates/_helpers.tpl
@@ -84,14 +84,5 @@ Create optional scopes list
 {{- if .Values.global.opendj.enabled}}
 {{ $newList = append $newList ("ldap" | quote) }}
 {{- end}}
-{{- if .Values.global.fido2.enabled}}
-{{ $newList = append $newList ("fido2" | quote) }}
-{{- end}}
-{{- if .Values.global.casa.enabled}}
-{{ $newList = append $newList ("casa" | quote) }}
-{{- end}}
-{{- if .Values.global.scim.enabled}}
-{{ $newList = append $newList ("scim" | quote) }}
-{{- end}}
 {{ toJson $newList }}
-{{- end }}
+{{- end }}
diff --git a/charts/janssen/charts/config/templates/load-init-config.yml b/charts/janssen/charts/config/templates/load-init-config.yml
@@ -125,9 +125,9 @@ spec:
             name: aws-secrets-replica-regions
             subPath: aws_secrets_replica_regions
         {{- end }}
-          - mountPath: /app/db/generate.json
+          - mountPath: /app/db/configuration.json
             name: {{ include "config.fullname" . }}-mount-gen-file
-            subPath: generate.json
+            subPath: configuration.json
           - mountPath: /scripts/tls_generator.py
             name: {{ include "config.fullname" . }}-tls-script
             subPath: tls_generator.py

diff --git a/charts/janssen/charts/config/templates/secrets.yaml b/charts/janssen/charts/config/templates/secrets.yaml
@@ -15,29 +15,33 @@ metadata:
 {{- end }}
 type: Opaque
 stringData:
-  generate.json: |-
+  configuration.json: |-
     {
-      "hostname": {{ .Values.global.fqdn | quote }},
-      "country_code": {{ .Values.countryCode | quote }},
-      "state": {{ .Values.state | quote }},
-      "city": {{ .Values.city | quote }},
-      "admin_pw": {{ .Values.adminPassword | quote }},
-      "ldap_pw": {{ .Values.ldapPassword | quote }},
-      "redis_pw": {{ .Values.redisPassword | quote }},
-      "email": {{ .Values.email | quote }},
-      "org_name": {{ .Values.orgName | quote }},
-      {{ if eq .Values.global.cnPersistenceType "sql" }}
-      "sql_pw": {{ .Values.configmap.cnSqldbUserPassword | quote }},
-      {{- end }}
-      {{ if or ( eq .Values.global.cnPersistenceType "couchbase" ) ( eq .Values.global.cnPersistenceType "hybrid" ) }}
-      "couchbase_pw": {{ .Values.configmap.cnCouchbasePassword | quote }},
-      "couchbase_superuser_pw": {{ .Values.configmap.cnCouchbaseSuperUserPassword | quote }},
-      {{- end }}
-      "auth_sig_keys": {{ index .Values "global" "auth-server" "authSigKeys" | quote }},
-      "auth_enc_keys": {{ index .Values "global" "auth-server" "authEncKeys" | quote }},
-      "optional_scopes": {{ list (include "config.optionalScopes" . | fromJsonArray | join ",") }},
-      "salt": {{ .Values.salt | quote }},
-      "init_keys_exp": {{ index .Values "global" "auth-server-key-rotation" "initKeysLife" }}
+      "_configmap": {
+        "hostname": {{ .Values.global.fqdn | quote }},
+        "country_code": {{ .Values.countryCode | quote }},
+        "state": {{ .Values.state | quote }},
+        "city": {{ .Values.city | quote }},
+        "admin_email": {{ .Values.email | quote }},
+        "orgName": {{ .Values.orgName | quote }},
+        "auth_sig_keys": {{ index .Values "global" "auth-server" "authSigKeys" | quote }},
+        "auth_enc_keys": {{ index .Values "global" "auth-server" "authEncKeys" | quote }},
+        "optional_scopes": {{ list (include "config.optionalScopes" . | fromJsonArray | join ",") | quote }},
+        "init_keys_exp": {{ index .Values "global" "auth-server-key-rotation" "initKeysLife" }}
+      },
+      "_secret": {
+        "admin_password": {{ .Values.adminPassword | quote }},
+        "ldap_password": {{ .Values.ldapPassword | quote }},
+        "redis_password": {{ .Values.redisPassword | quote }},
+        {{ if eq .Values.global.cnPersistenceType "sql" }}
+        "sql_password": {{ .Values.configmap.cnSqldbUserPassword | quote }},
+        {{- end }}
+        {{ if or ( eq .Values.global.cnPersistenceType "couchbase" ) ( eq .Values.global.cnPersistenceType "hybrid" ) }}
+        "couchbase_password": {{ .Values.configmap.cnCouchbasePassword | quote }},
+        "couchbase_superuser_password": {{ .Values.configmap.cnCouchbaseSuperUserPassword | quote }},
+        {{- end }}
+        "encoded_salt": {{ .Values.salt | quote }}
+      }
     }
 
 {{ if or ( eq .Values.global.cnPersistenceType "couchbase" ) ( eq .Values.global.cnPersistenceType "hybrid" ) }}

diff --git a/charts/janssen/charts/fido2/templates/deployment.yml b/charts/janssen/charts/fido2/templates/deployment.yml
@@ -51,8 +51,8 @@ spec:
         env:
           - name: CN_FIDO2_JAVA_OPTIONS
             value: {{ include "fido2.customJavaOptions" . | trim }}
-          {{- include "fido2.usr-envs" . | indent 12 }}
-          {{- include "fido2.usr-secret-envs" . | indent 12 }}
+          {{- include "fido2.usr-envs" . | indent 10 }}
+          {{- include "fido2.usr-secret-envs" . | indent 10 }}
         {{- if or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local") ( .Values.customScripts) }}
         command:
           - /bin/sh

diff --git a/charts/janssen/charts/scim/templates/deployment.yml b/charts/janssen/charts/scim/templates/deployment.yml
@@ -51,8 +51,8 @@ spec:
         env:
           - name: CN_SCIM_JAVA_OPTIONS
             value: {{ include "scim.customJavaOptions" . | trim }}
-          {{- include "scim.usr-envs" . | indent 12 }}
-          {{- include "scim.usr-secret-envs" . | indent 12 }}
+          {{- include "scim.usr-envs" . | indent 10 }}
+          {{- include "scim.usr-secret-envs" . | indent 10 }}
         {{- if or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local") ( .Values.customScripts) }}
         command:
           - /bin/sh

diff --git a/docker-jans-all-in-one/Dockerfile b/docker-jans-all-in-one/Dockerfile
@@ -58,7 +58,7 @@ RUN apk update \
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=cc79f2b4c65b1e4361b6b790b576992866a21b8d
+ENV JANS_SOURCE_VERSION=1bde1316a3abc8f4e48462d0a2670db901c70aca
 
 # note that as we're pulling from a monorepo (with multiple project in it)
 # we are using partial-clone and sparse-checkout to get the assets

diff --git a/docker-jans-auth-server/Dockerfile b/docker-jans-auth-server/Dockerfile
@@ -103,7 +103,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-auth/agama/fl \
     /app/static/rdbm \
     /app/schema
 
-ENV JANS_SOURCE_VERSION=cc79f2b4c65b1e4361b6b790b576992866a21b8d
+ENV JANS_SOURCE_VERSION=0538d19e269bb26ddbd81c7971251d6375d389c3
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 
 # note that as we're pulling from a monorepo (with multiple project in it)

diff --git a/docker-jans-casa/Dockerfile b/docker-jans-casa/Dockerfile
@@ -56,7 +56,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-casa/plugins \
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=cc79f2b4c65b1e4361b6b790b576992866a21b8d
+ENV JANS_SOURCE_VERSION=0538d19e269bb26ddbd81c7971251d6375d389c3
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 ARG JANS_CASA_EXTRAS_DIR=jans-casa/extras
 

diff --git a/docker-jans-certmanager/Dockerfile b/docker-jans-certmanager/Dockerfile
@@ -25,7 +25,7 @@ RUN wget -q ${CN_SOURCE_URL} -P /app/javalibs/
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=cc79f2b4c65b1e4361b6b790b576992866a21b8d
+ENV JANS_SOURCE_VERSION=0538d19e269bb26ddbd81c7971251d6375d389c3
 
 # note that as we're pulling from a monorepo (with multiple project in it)
 # we are using partial-clone and sparse-checkout to get the assets

diff --git a/docker-jans-config-api/Dockerfile b/docker-jans-config-api/Dockerfile
@@ -41,7 +41,7 @@ RUN wget -q https://maven.jans.io/maven/io/jans/jython-installer/${JYTHON_VERSIO
 # ==========
 
 ENV CN_VERSION=1.1.4-SNAPSHOT
-ENV CN_BUILD_DATE='2024-07-08 10:01'
+ENV CN_BUILD_DATE='2024-07-24 10:59'
 
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-config-api-server/${CN_VERSION}/jans-config-api-server-${CN_VERSION}.war
 
@@ -78,7 +78,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-config-api/_plugins \
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=cc79f2b4c65b1e4361b6b790b576992866a21b8d
+ENV JANS_SOURCE_VERSION=0538d19e269bb26ddbd81c7971251d6375d389c3
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 ARG JANS_CONFIG_API_RESOURCES=jans-config-api/server/src/main/resources
 

diff --git a/docker-jans-config-api/README.md b/docker-jans-config-api/README.md
@@ -76,8 +76,8 @@ The following environment variables are supported by the container:
 - `CN_GOOGLE_SPANNER_DATABASE_ID`: Google Spanner database ID.
 - `CN_CONFIG_API_APP_LOGGERS`: Custom logging configuration in JSON-string format with hash type (see [Configure app loggers](#configure-app-loggers) section for details).
 - `CN_CONFIG_API_PLUGINS`: Comma-separated plugin names that should be enabled (available plugins are `admin-ui`, `scim`, `fido2`, `user-mgt`, `jans-link`, `kc-saml`, `kc-link`, `lock`). Note that unknown plugin name will be ignored.
+- `CN_TOKEN_SERVER_BASE_URL`: Base URL of token server (default to empty).
 - `CN_TOKEN_SERVER_CERT_FILE`: Path to token server certificate (default to `/etc/certs/token_server.crt`).
-- `CN_TOKEN_SERVER_BASE_HOSTNAME`: Hostname of token server (default to empty string).
 - `CN_ADMIN_UI_PLUGIN_LOGGERS`: Custom logging configuration for AdminUI plugin in JSON-string format with hash type (see [Configure plugin loggers](#configure-plugin-loggers) section for details).
 - `CN_PROMETHEUS_PORT`: Port used by Prometheus JMX agent (default to empty string). To enable Prometheus JMX agent, set the value to a number. See [Exposing metrics](#exposing-metrics) for details.
 - `CN_SQL_DB_HOST`: Hostname of the SQL database (default to `localhost`).
@@ -215,4 +215,3 @@ i.e. `http://container:9093/metrics`.
 
 Note that Prometheus JMX exporter uses pre-defined config file (see `conf/prometheus-config.yaml`).
 To customize the config, mount custom config file to `/opt/prometheus/prometheus-config.yaml` inside the container.
-
diff --git a/docker-jans-config-api/scripts/bootstrap.py b/docker-jans-config-api/scripts/bootstrap.py
@@ -363,9 +363,11 @@ def ctx(self) -> dict[str, _t.Any]:
         hostname = self.manager.config.get("hostname")
         approved_issuer = [hostname]
 
-        token_server_hostname = os.environ.get("CN_TOKEN_SERVER_BASE_HOSTNAME")
-        if token_server_hostname and token_server_hostname not in approved_issuer:
-            approved_issuer.append(token_server_hostname)
+        if token_server_url := os.environ.get("CN_TOKEN_SERVER_BASE_URL"):
+            token_server_hostname = urlparse(token_server_url).hostname
+
+            if token_server_hostname and token_server_hostname not in approved_issuer:
+                approved_issuer.append(token_server_hostname)
 
         ctx = {
             "hostname": hostname,