From: Markus Frank <m.frank@proxmox.com>
To: pmg-devel@lists.proxmox.com
Subject: [pmg-devel] [PATCH perl-rs/pmg-api/widget-toolkit/pmg-gui v8 0/13] fix #3892: OpenID Connect
Date: Wed, 26 Feb 2025 15:07:27 +0100 [thread overview]
Message-ID: <20250226140740.55612-1-m.frank@proxmox.com> (raw)
Patch-series to enable OpenID Connect Login for PMG
apply/compile order:
proxmox-perl-rs:
1 move openid code from pve-rs to common
2 remove empty PMG::RS::OpenId package to avoid confusion
pmg-api:
3 config: add plugin system for authentication realms
4 config: add oidc type authentication realm
5 api: add/update/remove authentication realms like in PVE
6 api: oidc login similar to PVE
7 api: users: create user with a specified realm
proxmox-widget-toolkit:
8 fix: window: AuthEditBase: rename variable 'realm' to 'type'
9 fix: panel: AuthView: change API path in pmx-domains model
10 form: RealmComboBox: add option to change the API path
pmg-gui:
11 login: add option to login with OIDC realm
12 add realms panel to user management
13 user: add realm field for user creation
I still need to add an autocreate-role option to the WebUI. I will send
it as follow-up patch or in the next iteration if this series cannot be
applied yet.
v8:
* added "user: add realm field for user creation" patch
* added defaults in "config: add oidc type authentication realm"
* fixed "Use of uninitialized value in string" when realm is not set at
user creation
v7:
* removed "pve-common: add Schema package with auth module that contains
realm sync options" patch
* added "pmg-api: api: users: create user with a specified realm" patch
* removed tfa related code
* save realms after the username like in v5: username@realm
v6:
* renamed Realm to AuthRealm and renamed every domain variable to realm
* changed realm API-path from access/domains to access/auth-realm
v5:
* renamed openid/OpenId variables, filenames and modules to oidc/OIDC
wherever possible
* renamed Authdomains to Realm
v4:
* split "config: add plugin system for realms & add openid type realms"
patch into two patches
* use the name 'OpenId' for filenames, but use 'OIDC' as realm type name
* added autocreate-role option to set the role for automatically created
users in a realm, but currently not exposed in GUI (needs a lot of
changes in pmg-gui and proxmox-widget-toolkit)
proxmox-perl-rs:
Markus Frank (2):
move openid code from pve-rs to common
remove empty PMG::RS::OpenId package to avoid confusion
common/pkg/Makefile | 1 +
common/src/mod.rs | 1 +
common/src/oidc/mod.rs | 63 ++++++++++++++++++++++++++++++++++++++++
pmg-rs/Cargo.toml | 1 +
pmg-rs/Makefile | 1 -
pmg-rs/debian/control | 1 +
pve-rs/src/openid/mod.rs | 32 +++++---------------
7 files changed, 75 insertions(+), 25 deletions(-)
create mode 100644 common/src/oidc/mod.rs
pmg-api:
Markus Frank (5):
config: add plugin system for authentication realms
config: add oidc type authentication realm
api: add/update/remove authentication realms like in PVE
api: oidc login similar to PVE
api: users: create user with a specified realm
src/Makefile | 6 +
src/PMG/API2/AccessControl.pm | 17 ++-
src/PMG/API2/AuthRealm.pm | 264 ++++++++++++++++++++++++++++++++++
src/PMG/API2/OIDC.pm | 243 +++++++++++++++++++++++++++++++
src/PMG/API2/Users.pm | 4 +
src/PMG/AccessControl.pm | 40 ++++++
src/PMG/Auth/OIDC.pm | 103 +++++++++++++
src/PMG/Auth/PAM.pm | 21 +++
src/PMG/Auth/PMG.pm | 37 +++++
src/PMG/Auth/Plugin.pm | 202 ++++++++++++++++++++++++++
src/PMG/HTTPServer.pm | 4 +-
src/PMG/RESTEnvironment.pm | 14 ++
src/PMG/UserConfig.pm | 26 ++--
src/PMG/Utils.pm | 29 +++-
14 files changed, 991 insertions(+), 19 deletions(-)
create mode 100644 src/PMG/API2/AuthRealm.pm
create mode 100644 src/PMG/API2/OIDC.pm
create mode 100755 src/PMG/Auth/OIDC.pm
create mode 100755 src/PMG/Auth/PAM.pm
create mode 100755 src/PMG/Auth/PMG.pm
create mode 100755 src/PMG/Auth/Plugin.pm
widget-toolkit:
Markus Frank (3):
fix: window: AuthEditBase: rename variable 'realm' to 'type'
panel: AuthView: change API path in pmx-domains model
form: RealmComboBox: add option to change the API path
src/form/RealmComboBox.js | 2 ++
src/panel/AuthView.js | 21 +++++++++++++--------
src/window/AuthEditBase.js | 4 ++--
3 files changed, 17 insertions(+), 10 deletions(-)
pmg-gui:
Markus Frank (3):
login: add option to login with OIDC realm
add realms panel to user management
user: add realm field for user creation
js/LoginView.js | 209 ++++++++++++++++++++++++++++++++-----------
js/UserEdit.js | 47 ++++++++--
js/UserManagement.js | 8 ++
js/Utils.js | 16 ++++
4 files changed, 222 insertions(+), 58 deletions(-)
--
2.39.5
_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel
next reply other threads:[~2025-02-26 14:08 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-26 14:07 Markus Frank [this message]
2025-02-26 14:07 ` [pmg-devel] [PATCH proxmox-perl-rs v8 1/13] move openid code from pve-rs to common Markus Frank
2025-02-26 16:57 ` [pmg-devel] applied: " Thomas Lamprecht
2025-02-26 14:07 ` [pmg-devel] [PATCH proxmox-perl-rs v8 2/13] remove empty PMG::RS::OpenId package to avoid confusion Markus Frank
2025-02-26 16:58 ` [pmg-devel] applied: " Thomas Lamprecht
2025-02-26 17:55 ` [pmg-devel] " Stoiko Ivanov
2025-02-26 14:07 ` [pmg-devel] [PATCH pmg-api v8 3/13] config: add plugin system for authentication realms Markus Frank
2025-02-26 14:40 ` Stoiko Ivanov
2025-02-26 14:07 ` [pmg-devel] [PATCH pmg-api v8 4/13] config: add oidc type authentication realm Markus Frank
2025-02-26 14:07 ` [pmg-devel] [PATCH pmg-api v8 5/13] api: add/update/remove authentication realms like in PVE Markus Frank
2025-02-26 14:07 ` [pmg-devel] [PATCH pmg-api v8 6/13] api: oidc login similar to PVE Markus Frank
2025-02-26 14:41 ` Stoiko Ivanov
2025-02-26 14:07 ` [pmg-devel] [PATCH pmg-api v8 7/13] api: users: create user with a specified realm Markus Frank
2025-02-26 15:36 ` Mira Limbeck
2025-02-26 16:29 ` Mira Limbeck
2025-02-26 14:07 ` [pmg-devel] [PATCH widget-toolkit v8 08/13] fix: window: AuthEditBase: rename variable 'realm' to 'type' Markus Frank
2025-02-26 17:52 ` [pmg-devel] partially-applied-series: " Thomas Lamprecht
2025-02-26 14:07 ` [pmg-devel] [PATCH widget-toolkit v8 09/13] panel: AuthView: change API path in pmx-domains model Markus Frank
2025-02-26 14:07 ` [pmg-devel] [PATCH widget-toolkit v8 10/13] form: RealmComboBox: add option to change the API path Markus Frank
2025-02-26 14:07 ` [pmg-devel] [PATCH pmg-gui v8 11/13] login: add option to login with OIDC realm Markus Frank
2025-02-26 14:07 ` [pmg-devel] [PATCH pmg-gui v8 12/13] add realms panel to user management Markus Frank
2025-02-26 14:07 ` [pmg-devel] [PATCH pmg-gui v8 13/13] user: add realm field for user creation Markus Frank
2025-02-26 20:17 ` [pmg-devel] applied: [PATCH perl-rs/pmg-api/widget-toolkit/pmg-gui v8 0/13] fix #3892: OpenID Connect Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250226140740.55612-1-m.frank@proxmox.com \
--to=m.frank@proxmox.com \
--cc=pmg-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal