From: Julien BLAIS <webmaster@jbsky.fr>
To: pve-devel@lists.proxmox.com
Cc: Julien BLAIS <webmaster@jbsky.fr>
Subject: [pve-devel] [PATCH container] [PATCH pve-manager] SSO feature: login with SAMLv2
Date: Thu, 27 May 2021 23:55:14 +0200 [thread overview]
Message-ID: <20210527215511.28243-4-webmaster@jbsky.fr> (raw)
In-Reply-To: <20210527215511.28243-1-webmaster@jbsky.fr>
Part allowing to add a SAML authentication
Adding the rule that the endpoint /access/saml does not need authentication
Signed-off-by: Julien BLAIS <webmaster@jbsky.fr>
---
PVE/HTTPServer.pm | 3 +-
www/manager6/Makefile | 1 +
www/manager6/Utils.js | 5 +++
www/manager6/dc/AuthEditSAML.js | 65 +++++++++++++++++++++++++++++++++
4 files changed, 73 insertions(+), 1 deletion(-)
create mode 100644 www/manager6/dc/AuthEditSAML.js
diff --git a/PVE/HTTPServer.pm b/PVE/HTTPServer.pm
index 636b562b..3e64943a 100755
--- a/PVE/HTTPServer.pm
+++ b/PVE/HTTPServer.pm
@@ -68,7 +68,8 @@ sub auth_handler {
# explicitly allow some calls without auth
if (($rel_uri eq '/access/domains' && $method eq 'GET') ||
- ($rel_uri eq '/access/ticket' && ($method eq 'GET' || $method eq 'POST'))) {
+ ($rel_uri eq '/access/ticket' && ($method eq 'GET' || $method eq 'POST')) ||
+ ($rel_uri eq '/access/saml' && $method eq 'GET' )) {
$require_auth = 0;
}
diff --git a/www/manager6/Makefile b/www/manager6/Makefile
index 506b5a4e..fc89215e 100644
--- a/www/manager6/Makefile
+++ b/www/manager6/Makefile
@@ -119,6 +119,7 @@ JSSRC= \
dc/AuthEditBase.js \
dc/AuthEditAD.js \
dc/AuthEditLDAP.js \
+ dc/AuthEditSAML.js \
dc/AuthView.js \
dc/Backup.js \
dc/Cluster.js \
diff --git a/www/manager6/Utils.js b/www/manager6/Utils.js
index d9567979..600b81e9 100644
--- a/www/manager6/Utils.js
+++ b/www/manager6/Utils.js
@@ -740,6 +740,11 @@ Ext.define('PVE.Utils', {
syncipanel: 'pveAuthLDAPSyncPanel',
add: true,
},
+ saml: {
+ name: gettext('SAMLv2'),
+ ipanel: 'pveAuthSAMLPanel',
+ add: true,
+ },
pam: {
name: 'Linux PAM',
ipanel: 'pveAuthBasePanel',
diff --git a/www/manager6/dc/AuthEditSAML.js b/www/manager6/dc/AuthEditSAML.js
new file mode 100644
index 00000000..3794bccd
--- /dev/null
+++ b/www/manager6/dc/AuthEditSAML.js
@@ -0,0 +1,65 @@
+Ext.define('PVE.panel.SAMLInputPanel', {
+ extend: 'PVE.panel.AuthBase',
+ xtype: 'pveAuthSAMLPanel',
+
+ initComponent: function() {
+ let me = this;
+
+ if (me.type !== 'saml') {
+ throw 'invalid type';
+ }
+
+ me.column1 = [
+ {
+ xtype: 'textfield',
+ name: 'Identity_Provider_Entity_ID',
+ fieldLabel: gettext('IdP Entity ID'),
+ emptyText: '',
+ allowBlank: false,
+ },
+ {
+ xtype: 'textfield',
+ name: 'Identity_Provider_Url_Metadata',
+ emptyText: '',
+ fieldLabel: gettext('IdP Url Metadata'),
+ allowBlank: true,
+ },
+ {
+ name: 'Identity_Provider_x509_CA_Certificate',
+ emptyText: '',
+ fieldLabel: gettext('IdP x509 CA Certificate'),
+ allowBlank: true,
+ xtype: 'textarea',
+ },
+ ];
+
+ me.column2 = [
+ {
+ xtype: 'textfield',
+ fieldLabel: gettext('SP Entity ID'),
+ allowBlank: false,
+ name: 'Service_Provider_Entity_ID',
+ },
+ {
+ xtype: 'textarea',
+ fieldLabel: gettext('SP Private key'),
+ allowBlank: true,
+ name: 'Service_Provider_Private_Key',
+ }
+ ];
+
+ me.callParent();
+ },
+ onGetValues: function(values) {
+ let me = this;
+
+ if (!values.verify) {
+ if (!me.isCreate) {
+ Proxmox.Utils.assemble_field_data(values, { 'delete': 'verify' });
+ }
+ delete values.verify;
+ }
+
+ return me.callParent([values]);
+ },
+});
--
2.20.1
next prev parent reply other threads:[~2021-05-27 21:57 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-27 21:55 [pve-devel] [PATCH] [PATCH pve-access-control] " Julien BLAIS
2021-05-27 21:55 ` [pve-devel] [PATCH] [PATCH pve-cluster] " Julien BLAIS
2021-05-27 21:55 ` [pve-devel] [PATCH] [PATCH pve-http-server] " Julien BLAIS
2021-05-27 21:55 ` Julien BLAIS [this message]
2021-05-28 7:38 ` [pve-devel] [PATCH] [PATCH pve-access-control] " Thomas Lamprecht
2021-05-28 12:11 ` [pve-devel] RE : [PATCH] [PATCH pve-access-control] SSO feature: loginwith SAMLv2 wb
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210527215511.28243-4-webmaster@jbsky.fr \
--to=webmaster@jbsky.fr \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal