From: wb <webmaster@jbsky.fr>
To: Dietmar Maurer <dietmar@proxmox.com>,
	 Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: [pve-devel] RE :  [PATCH] [PATCH pve-access-control] SSO feature:login with SAMLv2
Date: Tue, 1 Jun 2021 21:03:58 +0200
Message-ID: <689597d36cbfd5debb30f76164f88201@mwinf5d29.me-wanadoo.net>
In-Reply-To: <2082173493.3135.1622538241740@webmail.proxmox.com>

> I wonder why you want to store temporary data in /etc/pve/tmp/saml. Wouldn't it be good enough
> to store that on the local file system?
On the one hand, I enjoyed reusing your work.
On the other hand, I think it is more secure to put this kind of data in /etc/pve/tmp/saml than in /tmp/saml/
Then, yes, it is possible to store it on /tmp/saml for example, it is variable data. Nothing is fixed, you are free to do what you want.

> Unfortunately, your code depends on code not packaged for Debian. Any idea 
> how to replace that (cpanm Net::SAML2)?

Since I'm not a Perl specialist, I took what seemed to me the most standard in this language. Have you considered cloning this repo available on GitHub (https://github.com/perl-net-saml2/perl-Net-SAML2)?

> Or better, is there a 'rust' implementation for SAML2? If so, we could make perl bindings
> for that and reuse the code with Proxmox Backup Server.

Do you have a specific project or library in mind?

Unfortunately, I don't have any knowledge about Rust and I'll have a hard time accompanying you on this topic. However, it seems that there are open-source projects on GitHub, for example https://github.com/njaremko/samael.

I'll tell you again, nothing is fixed, you are free to do what you want.

I test with lemonldapng which is less simple to install and to handle than keycloak.

I remain at your disposal if needed.

Yours sincerely,


From: Dietmar Maurer
Sent: Tuesday, 1 June 2021 11:04
To: Proxmox VE development discussion; Julien BLAIS
Subject: Re: [pve-devel] [PATCH] [PATCH pve-access-control] SSO feature:login with SAMLv2

Unfortunately, your code depends on code not packaged for Debian. Any idea 
how to replace that (cpanm Net::SAML2)?

Or better, is there a 'rust' implementation for SAML2? If so, we could make perl bindings
for that and reuse the code with Proxmox Backup Server.

Other ideas?

> diff --git a/src/PVE/Auth/SAML.pm b/src/PVE/Auth/SAML.pm
> new file mode 100644
> index 0000000..4653cb7
> --- /dev/null
> +++ b/src/PVE/Auth/SAML.pm
> @@ -0,0 +1,248 @@
> +# Instructions for installation :
> +# apt-get install libxml2 make gcc libssl-dev libperl-dev git cpanminus
> +# cpanm Net::SAML2
> +# ln -s /usr/local/share/perl/5.28.1/Net/SAML2 /usr/share/perl/5.28.1/Net/SAML2
> +# ln -s /usr/local/share/perl/5.28.1/Net/SAML2 /usr/share/perl5/Net/SAML2
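
Review bot: The installation comments at the top of SAML.pm make the authentication path depend on a manually installed library: `cpanm Net::SAML2` fetches whatever version is current, with no version pinned, and the module then sits outside apt's update path. Both `ln -s` lines also hard-code the Perl version 5.28.1 and link files from /usr/local into /usr/share, so the links will dangle after a Perl upgrade, and the procedure requires a compiler toolchain (make, gcc, libssl-dev) on the host. I would suggest dropping the symlink steps, moving the setup notes out of the source file, and stating the Net::SAML2 dependency as a packaged, versioned requirement before this can be merged.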
