From: Christoph Heiss <c.heiss@proxmox.com>
To: Markus Frank <m.frank@proxmox.com>
Cc: pmg-devel@lists.proxmox.com
Subject: Re: [pmg-devel] [PATCH pve-common/proxmox-perl-rs/pmg-api/pmg-gui v3 0/8] fix #3892: OpenID
Date: Wed, 9 Oct 2024 13:30:19 +0200
Message-ID: <ndeijynmohu27h5fvdifnpskmtlpeqregv6nynxk76t72awaiw@cugbamx4uqap>
In-Reply-To: <20240624090850.4683-1-m.frank@proxmox.com>

Just tested this series using Keycloak 26.0.0 as an OpenID provider.
Everything worked fine once it was set up for the OpenID side! Login via
OpenID worked, also tested the "Autocreate Users" feature (but see below
on that). The GUI dialog panel is from proxmox-widget-toolkit, so
nothing really new there.

I noticed however that there seems to be no dedicated PAM realm in the
login window, only PMG authentication server - but you can still log in
with PAM credentials. These two should be real separate realms, much
like we have it for PVE/PBS.

Also, when using the "Autocreate Users" feature - should the (PMG) role
assigned to the user maybe be configurable? Since it currently just
defaults to Auditor, as it seems. (or am I missing something?)

Lastly, patches #2 and #3 need to be rebased on the latest master
of proxmox-perl-rs, they failed to apply (resolved that manually myself
to test them out for now). All other patches in this series apply on
their respective master cleanly.

Didn't really have a look at the code yet, so might do some reviews on
that too.

On Mon, Jun 24, 2024 at 11:08:42AM GMT, Markus Frank wrote:
> Patch-series to enable OpenID Login for PMG
>
> apply/compile order:
>
> 1. pve-common: add Schema package with auth module that contains realm sync options
> 2. proxmox-perl-rs: move openid code from pve-rs to common
> 3. proxmox-perl-rs: remove empty PMG::RS::OpenId package to avoid confusion
> 4. pmg-api: config: add plugin system for realms & add openid type realms
> 5. pmg-api: api: add/update/remove realms like in PVE
> 6. pmg-api: api: openid login similar to PVE
> 7. pmg-gui: login: add option to login with OpenID realm
> 8. pmg-gui: add panel for realms to User Management
>
>
> v3 changed only in proxmox-perl-rs and "pmg-api: api: openid login similar to PVE"
>
>
> pve-common:
>
> Markus Frank (1):
> add Schema package with auth module that contains realm sync options
>
> src/Makefile | 2 ++
> src/PVE/Schema/Auth.pm | 82 ++++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 84 insertions(+)
> create mode 100644 src/PVE/Schema/Auth.pm
>
>
> proxmox-perl-rs:
>
> v3: removed PMG wrapper as Proxmox::RS:OpenId can be used instead.
>
> Markus Frank (2):
> move openid code from pve-rs to common
> remove empty PMG::RS::OpenId package to avoid confusion
>
> common/pkg/Makefile | 1 +
> common/src/mod.rs | 1 +
> common/src/openid/mod.rs | 63 ++++++++++++++++++++++++++++++++++++++++
> pmg-rs/Cargo.toml | 1 +
> pmg-rs/Makefile | 1 -
> pmg-rs/debian/control | 1 +
> pve-rs/src/openid/mod.rs | 32 +++++---------------
> 7 files changed, 75 insertions(+), 25 deletions(-)
> create mode 100644 common/src/openid/mod.rs
>
>
> pmg-api:
>
> v3: use Proxmox::RS:OpenId instead of PMG::RS::OpenId
>
> Markus Frank (3):
> config: add plugin system for realms & add openid type realms
> api: add/update/remove realms like in PVE
> api: openid login similar to PVE
>
> src/Makefile | 5 +
> src/PMG/API2/AccessControl.pm | 17 ++-
> src/PMG/API2/Authdomains.pm | 274 ++++++++++++++++++++++++++++++++++
> src/PMG/API2/OIDC.pm | 243 ++++++++++++++++++++++++++++++
> src/PMG/AccessControl.pm | 31 ++++
> src/PMG/Auth/OIDC.pm | 99 ++++++++++++
> src/PMG/Auth/PMG.pm | 28 ++++
> src/PMG/Auth/Plugin.pm | 193 ++++++++++++++++++++++++
> src/PMG/HTTPServer.pm | 2 +
> src/PMG/RESTEnvironment.pm | 14 ++
> src/PMG/UserConfig.pm | 25 ++--
> src/PMG/Utils.pm | 29 +++-
> 12 files changed, 943 insertions(+), 17 deletions(-)
> create mode 100644 src/PMG/API2/Authdomains.pm
> create mode 100644 src/PMG/API2/OIDC.pm
> create mode 100755 src/PMG/Auth/OIDC.pm
> create mode 100755 src/PMG/Auth/PMG.pm
> create mode 100755 src/PMG/Auth/Plugin.pm
>
>
> pmg-gui:
>
> Markus Frank (2):
> login: add OpenID realms
> add panel for realms to User Management
>
> js/LoginView.js | 200 +++++++++++++++++++++++++++++++++----------
> js/UserManagement.js | 6 ++
> js/Utils.js | 15 ++++
> 3 files changed, 174 insertions(+), 47 deletions(-)
>
> --
> 2.39.2
>
>
>
> _______________________________________________
> pmg-devel mailing list
> pmg-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel
>
>