From: Dietmar Maurer <dietmar@proxmox.com>
To: wb <webmaster@jbsky.fr>,
Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] RE : [PATCH] [PATCH pve-access-control] SSO feature:login with SAMLv2
Date: Wed, 2 Jun 2021 10:59:59 +0200 (CEST) [thread overview]
Message-ID: <361453332.3258.1622624399545@webmail.proxmox.com> (raw)
> > I wonder why you want to store temporary data in /etc/pve/tmp/saml. Wouldn't it we good enough
> > to store that on the local file system?
> On the one hand, I enjoyed reusing your work.
> On the other hand, I think it is more secure to put this kind of data in /etc/pve/tmp/saml than in /tmp/saml/
No, I consider this less secure. Especially if the write is triggered by unauthenticated request...
> Then, yes, it is possible to store it on /tmp/saml for example, it is variable data. Nothing is fixed, you are free to do what you want.
>
> > Unfortunately, your code depends on code not packaged for Debian. Any idea
> > how to replace that (cpanm Net::SAML2)?
>
> Since I'm not a perl specialist, I took what seemed to me the most standard in this language. Have you considered cloning this repos available on GitHub(https://github.com/perl-net-saml2/perl-Net-SAML2)?
This module has way to much dependencies (Moose). I do not want to use that.
> > Or better, is there a 'rust' implementaion for SAML2? If so, we could make perl bindings
> > for that and reuse the code with Proxmox Backup Server.
>
> Do you have a specific project or library in mind?
>
> Unfortunately, I don't have any knowledge about rust and I'll have a hard time accompanying you on this topic. However, it seems that there are projects on github in opensource, for example https://github.com/njaremko/samael.
All those SAML libs are basically unmaintained, without any large user base.
> I'll tell you again,nothing is fixed, you are free to do what you want.
I also wonder why SAML? Would it be an option to use OpenId connect instead?
next reply other threads:[~2021-06-02 9:00 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-02 8:59 Dietmar Maurer [this message]
2021-06-02 10:16 ` [pve-devel] RE : " wb
-- strict thread matches above, loose matches on Subject: below --
2021-06-01 9:04 [pve-devel] [PATCH] [PATCH pve-access-control] SSO feature: login " Dietmar Maurer
2021-06-01 19:03 ` [pve-devel] RE : [PATCH] [PATCH pve-access-control] SSO feature:login " wb
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=361453332.3258.1622624399545@webmail.proxmox.com \
--to=dietmar@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
--cc=webmaster@jbsky.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal