From: Markus Frank <m.frank@proxmox.com>
To: pmg-devel@lists.proxmox.com
Subject: [pmg-devel] [PATCH pve-common/perl-rs/pmg-api/widget-toolkit/pmg-gui v6 0/12] fix #3892: OpenID Connect
Date: Tue, 25 Feb 2025 14:36:07 +0100 [thread overview]
Message-ID: <20250225133619.42012-1-m.frank@proxmox.com> (raw)
Patch-series to enable OpenID Connect Login for PMG
apply/compile order:
pve-common:
1 add Schema package with auth module that contains realm sync options
proxmox-perl-rs:
2 move openid code from pve-rs to common
3 remove empty PMG::RS::OpenId package to avoid confusion
pmg-api:
4 config: add plugin system for authentication realms
5 config: add oidc type authentication realm
6 api: add/update/remove authentication realms like in PVE
7 api: oidc login similar to PVE
proxmox-widget-toolkit:
8 fix: window: AuthEditBase: rename variable 'realm' to 'type'
9 fix: panel: AuthView: change API path in pmx-domains model
10 form: RealmComboBox: add option to change the API path
pmg-gui:
11 login: add option to login with OIDC realm
12 add realms panel to user management
I still need to add the option to create users for other realms than PMG
in the API and WebUI. The autocreate option of the OIDC realm can be
used instead for now. Also the autocreate-role option needs to be
exposed to the WebUI. I will send these things as follow-up patches or
in the next iteration if this series cannot be applied yet.
v6:
* renamed Realm to AuthRealm and renamed every domain variable to realm
* changed realm API-path from access/domains to access/auth-realm
* more v6-changes described in the individual patches
v5:
* renamed openid/OpenId variables, filenames and modules to oidc/OIDC
wherever possible
* renamed Authdomains to Realm
v4:
* split "config: add plugin system for realms & add openid type realms"
patch into two patches
* use the name 'OpenId' for filenames, but use 'OIDC' as realm type name
* added autocreate-role option to set the role for automatically created
users in a realm, but currently not exposed in GUI (needs a lot of
changes in pmg-gui and proxmox-widget-toolkit)
pve-common:
Markus Frank (1):
add Schema package with auth module that contains realm sync options
src/Makefile | 2 ++
src/PVE/Schema/Auth.pm | 46 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 48 insertions(+)
create mode 100644 src/PVE/Schema/Auth.pm
proxmox-perl-rs:
Markus Frank (2):
move openid code from pve-rs to common
remove empty PMG::RS::OpenId package to avoid confusion
common/pkg/Makefile | 1 +
common/src/mod.rs | 1 +
common/src/oidc/mod.rs | 63 ++++++++++++++++++++++++++++++++++++++++
pmg-rs/Cargo.toml | 1 +
pmg-rs/Makefile | 1 -
pmg-rs/debian/control | 1 +
pve-rs/src/openid/mod.rs | 32 +++++---------------
7 files changed, 75 insertions(+), 25 deletions(-)
create mode 100644 common/src/oidc/mod.rs
pmg-api:
Markus Frank (4):
config: add plugin system for authentication realms
config: add oidc type authentication realm
api: add/update/remove authentication realms like in PVE
api: oidc login similar to PVE
src/Makefile | 6 +
src/PMG/API2/AccessControl.pm | 17 ++-
src/PMG/API2/AuthRealm.pm | 274 ++++++++++++++++++++++++++++++++++
src/PMG/API2/OIDC.pm | 243 ++++++++++++++++++++++++++++++
src/PMG/API2/Users.pm | 1 +
src/PMG/AccessControl.pm | 40 +++++
src/PMG/Auth/OIDC.pm | 101 +++++++++++++
src/PMG/Auth/PAM.pm | 22 +++
src/PMG/Auth/PMG.pm | 39 +++++
src/PMG/Auth/Plugin.pm | 203 +++++++++++++++++++++++++
src/PMG/HTTPServer.pm | 4 +-
src/PMG/RESTEnvironment.pm | 14 ++
src/PMG/UserConfig.pm | 24 ++-
src/PMG/Utils.pm | 29 +++-
14 files changed, 1001 insertions(+), 16 deletions(-)
create mode 100644 src/PMG/API2/AuthRealm.pm
create mode 100644 src/PMG/API2/OIDC.pm
create mode 100755 src/PMG/Auth/OIDC.pm
create mode 100755 src/PMG/Auth/PAM.pm
create mode 100755 src/PMG/Auth/PMG.pm
create mode 100755 src/PMG/Auth/Plugin.pm
widget-toolkit:
Markus Frank (3):
fix: window: AuthEditBase: rename variable 'realm' to 'type'
fix: panel: AuthView: change API path in pmx-domains model
form: RealmComboBox: add option to change the API path
src/form/RealmComboBox.js | 2 ++
src/panel/AuthView.js | 20 ++++++++++++--------
src/window/AuthEditBase.js | 4 ++--
3 files changed, 16 insertions(+), 10 deletions(-)
pmg-gui:
Markus Frank (2):
login: add option to login with OIDC realm
add realms panel to user management
js/LoginView.js | 209 ++++++++++++++++++++++++++++++++-----------
js/UserManagement.js | 7 ++
js/Utils.js | 16 ++++
3 files changed, 181 insertions(+), 51 deletions(-)
--
2.39.5
_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel
next reply other threads:[~2025-02-25 13:37 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-25 13:36 Markus Frank [this message]
2025-02-25 13:36 ` [pmg-devel] [PATCH pve-common v6 1/12] add Schema package with auth module that contains realm sync options Markus Frank
2025-02-25 17:24 ` Thomas Lamprecht
2025-02-25 13:36 ` [pmg-devel] [PATCH proxmox-perl-rs v6 2/12] move openid code from pve-rs to common Markus Frank
2025-02-25 13:36 ` [pmg-devel] [PATCH proxmox-perl-rs v6 3/12] remove empty PMG::RS::OpenId package to avoid confusion Markus Frank
2025-02-25 13:36 ` [pmg-devel] [PATCH pmg-api v6 4/12] config: add plugin system for authentication realms Markus Frank
2025-02-25 16:32 ` Stoiko Ivanov
2025-02-25 13:36 ` [pmg-devel] [PATCH pmg-api v6 5/12] config: add oidc type authentication realm Markus Frank
2025-02-26 10:20 ` Mira Limbeck
2025-02-25 13:36 ` [pmg-devel] [PATCH pmg-api v6 6/12] api: add/update/remove authentication realms like in PVE Markus Frank
2025-02-25 13:36 ` [pmg-devel] [PATCH pmg-api v6 7/12] api: oidc login similar to PVE Markus Frank
2025-02-25 13:36 ` [pmg-devel] [PATCH widget-toolkit v6 08/12] fix: window: AuthEditBase: rename variable 'realm' to 'type' Markus Frank
2025-02-25 13:36 ` [pmg-devel] [PATCH widget-toolkit v6 09/12] fix: panel: AuthView: change API path in pmx-domains model Markus Frank
2025-02-25 17:33 ` Markus Frank
2025-02-25 13:36 ` [pmg-devel] [PATCH widget-toolkit v6 10/12] form: RealmComboBox: add option to change the API path Markus Frank
2025-02-25 13:36 ` [pmg-devel] [PATCH pmg-gui v6 11/12] login: add option to login with OIDC realm Markus Frank
2025-02-25 13:36 ` [pmg-devel] [PATCH pmg-gui v6 12/12] add realms panel to user management Markus Frank
2025-02-26 11:08 ` [pmg-devel] [PATCH pve-common/perl-rs/pmg-api/widget-toolkit/pmg-gui v6 0/12] fix #3892: OpenID Connect Mira Limbeck
2025-02-26 11:30 ` Lukas Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250225133619.42012-1-m.frank@proxmox.com \
--to=m.frank@proxmox.com \
--cc=pmg-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal