Re: [pve-devel] RE : RE : [PATCH] [PATCH pve-access-control] SSO feature:login with SAMLv2

all lists on lists.proxmox.com
 help / color / mirror / Atom feed

From: Dietmar Maurer <dietmar@proxmox.com>
To: wb <webmaster@jbsky.fr>,
	Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel]  RE : RE :  [PATCH] [PATCH pve-access-control] SSO feature:login with SAMLv2
Date: Wed, 2 Jun 2021 12:48:15 +0200 (CEST)	[thread overview]
Message-ID: <966663888.3483.1622630895184@webmail.proxmox.com> (raw)


> On 06/02/2021 12:16 PM wb <webmaster@jbsky.fr> wrote:
> 
> 
> > I also wonder why SAML? Would it be an option to use OpenId connect instead?
> As I was able to use SAML, I know the functional part and therefore, if I used SAML, it is only by ease.
> 
> Switch to OpenID, why not. The time I set up a functional POC.
> 
> On the other hand, I would like to know your constraints.

Sorry, what do you want to know exactly?

> Do you still want to use Rust? 

Yes. But I am still searching for usable crates:

openidconnect: https://github.com/ramosbugs/openidconnect-rs

Seems promising, but I have not done any testing so far...

> If yes, I am curious to know how to bind perl to Rust? Do you have an example?

https://git.proxmox.com/?p=perlmod.git;a=summary

Hope the inline docs and examples are good enough to start...

> I noticed from our exchange :
> During an API call, if the user is not authenticated, do not pass in private and privileged the writing on /tmp/.

yes, unprivileged users should not be able to write anything.

next             reply	other threads:[~2021-06-02 10:49 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-06-02 10:48 Dietmar Maurer [this message]
2021-06-03  8:24 ` [pve-devel] " Victor Hooi
  -- strict thread matches above, loose matches on Subject: below --
2021-06-02  8:59 [pve-devel] RE : " Dietmar Maurer
2021-06-02 10:16 ` [pve-devel] RE : " wb

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=966663888.3483.1622630895184@webmail.proxmox.com \
    --to=dietmar@proxmox.com \
    --cc=pve-devel@lists.proxmox.com \
    --cc=webmaster@jbsky.fr \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.

Service provided by Proxmox Server Solutions GmbH | Privacy | Legal