From: "Christoph Heiss" <c.heiss@proxmox.com>
To: "Markus Frank" <m.frank@proxmox.com>
Cc: pmg-devel <pmg-devel@lists.proxmox.com>
Subject: Re: [pmg-devel] [PATCH pmg-api/pmg-gui v4 0/3] add default realm option and OIDC configuration panel
Date: Thu, 20 Mar 2025 10:36:24 +0100 [thread overview]
Message-ID: <D8KZPW853GO0.3E6H7ZAY2QKNI@proxmox.com> (raw)
In-Reply-To: <20250319132959.5149-1-m.frank@proxmox.com>
Tested this with a up-to-date Keycloak.
Checked that upon first login of users, they get assigned the correct
role - for both fixed role assignments and from a OIDC claim.
Also made sure that the default realm selector works as intended - after
clearing `localStorage`, the correct default realm is shown.
W.r.t patch #3: Extending the `AuthEditOpenId` panel from
proxmox-widget-toolkit would probably be more work than its worth,
FWICS? No hard feelings from my side, looking at the required changes,
just that duplicating mostly-similar code is always bit of a PITA, if it
can be avoided.
And there isn't any documentation about the role assignment feature yet,
right? That should be done too, although a separate patch would be
enough too IMO, in case you don't respin this series.
Just a short explanation and mentioning the available values for the
role assignment from an OIDC claim.
In any case, please consider this series:
Tested-by: Christoph Heiss <c.heiss@proxmox.com>
Reviewed-by: Christoph Heiss <c.heiss@proxmox.com>
On Wed Mar 19, 2025 at 2:29 PM CET, Markus Frank wrote:
> v4:
> * removed the default value of the realm field in the LoginView so that
> the default realm is automatically selected.
>
> v3:
> * Patch 1/3 and 2/3 are new and allow the user to set the default realm.
> * see more v3 changes in Patch 3/3
>
>
> pmg-api:
>
> Markus Frank (1):
> Auth Plugin: stop forcing the default realm to be the pmg realm
>
> src/PMG/Auth/Plugin.pm | 2 --
> 1 file changed, 2 deletions(-)
>
>
>
> pmg-gui:
>
> Markus Frank (2):
> realms: enable default realm support
> add OIDC configuration panel for PMG
>
> js/AuthEditOIDC.js | 244 +++++++++++++++++++++++++++++++++++++++++++
> js/LoginView.js | 1 -
> js/Makefile | 1 +
> js/UserManagement.js | 1 +
> js/Utils.js | 17 +--
> 5 files changed, 257 insertions(+), 7 deletions(-)
> create mode 100644 js/AuthEditOIDC.js
_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel
next prev parent reply other threads:[~2025-03-20 9:36 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-19 13:29 Markus Frank
2025-03-19 13:29 ` [pmg-devel] [PATCH pmg-api v4 1/3] Auth Plugin: stop forcing the default realm to be the pmg realm Markus Frank
2025-03-19 13:29 ` [pmg-devel] [PATCH pmg-gui v4 2/3] realms: enable default realm support Markus Frank
2025-03-19 13:29 ` [pmg-devel] [PATCH pmg-gui v4 3/3] add OIDC configuration panel for PMG Markus Frank
2025-03-20 9:36 ` Christoph Heiss [this message]
2025-03-26 7:41 ` [pmg-devel] [PATCH pmg-api/pmg-gui v4 0/3] add default realm option and OIDC configuration panel Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D8KZPW853GO0.3E6H7ZAY2QKNI@proxmox.com \
--to=c.heiss@proxmox.com \
--cc=m.frank@proxmox.com \
--cc=pmg-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.