* Re: [pve-devel] Groups for OpenID Connect?
From: Dietmar Maurer @ 2021-12-24 6:22 UTC
To: Proxmox VE development discussion, Victor Hooi
> However, is there any support for groups in OpenID Connect, or a similar concept?
In OpenID, it is possible to request "scopes" from the server, which can then send additional data (claims).
But I am unsure if and how people use those systems to manage groups. So what kind of OpenID server do you use, and how does it store the group information?
* Re: [pve-devel] Groups for OpenID Connect?
From: Victor Hooi @ 2021-12-24 6:45 UTC
To: Dietmar Maurer; +Cc: Proxmox VE development discussion
Hi,
This endpoint here would be Google Workspace (i.e. Google's OIDC provider).
Currently, in the Proxmox LDAP sync - it translates Google Groups (in the
Google Workspace domain) into LDAP groups, which is what we want.
I'm not too familiar with the OIDC - I do know that Google Workspace has
its own APIs to look up group membership:
https://stackoverflow.com/questions/16601699/determine-whether-user-is-group-member
https://developers.google.com/admin-sdk/directory/v1/guides/manage-groups#get_all_member_groups
It sounds like that might have to be added into Proxmox, though?
Thanks,
Victor
On Fri, 24 Dec 2021 at 17:22, Dietmar Maurer <dietmar@proxmox.com> wrote:
> > However, is there any support for groups in OpenID Connect, or a similar
> concept?
>
> In OpenID, it is possible to request "scopes" from the server, which can
> then send additional data (claims).
>
> But I am unsure if and how people use those systems to manage groups. So
> what kind of OpenID server do you use, and how does it store the group
> information?
>
>
* Re: [pve-devel] Groups for OpenID Connect?
From: Josef Per Johansson @ 2021-12-24 7:20 UTC
To: Proxmox VE development discussion, Victor Hooi
Hi,
I have started to look at authentik.io, seems quite nice.
________________________________
From: Dietmar Maurer <dietmar@proxmox.com>
Sent: Friday, 24 December 2021 07:28
To: Proxmox VE development discussion; Victor Hooi
Subject: Re: [pve-devel] Groups for OpenID Connect?
> However, is there any support for groups in OpenID Connect, or a similar concept?
In OpenID, it is possible to request "scopes" from the server, which can then send additional data (claims).
But I am unsure if and how people use those systems to manage groups. So what kind of OpenID server do you use, and how does it store the group information?
* Re: [pve-devel] Groups for OpenID Connect?
From: Dietmar Maurer @ 2021-12-24 10:14 UTC
To: Victor Hooi; +Cc: Proxmox VE development discussion
> This endpoint here would be Google Workspace (i.e. Google's OIDC provider).
>
> Currently, in the Proxmox LDAP sync - it translates Google Groups (in the Google Workspace domain) into LDAP groups, which is what we want.
>
> I'm not too familiar with the OIDC - I do know that Google Workspace has its own APIs to look up group membership:
OIDC does not provide any sync protocol, so this kind of thing is impossible.
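Added example, not part of the thread and not Proxmox code: a sketch of the scopes-and-claims mechanism mentioned above, where group data is read from the claims of one login response rather than synced. The "groups" scope and claim name, the name pattern and the "<name>-<realm>" naming are assumptions; OIDC core does not define a group claim.

```python
import re
from urllib.parse import urlencode

# Hypothetical local policy: only plain names may become group names.
GROUP_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9._-]{0,63}")

def build_auth_url(authorize_endpoint, client_id, redirect_uri, state, nonce,
                   extra_scopes=("groups",)):
    """Authorization request that asks for extra scopes besides 'openid'.

    A 'groups' scope is provider-specific (assumption), not OIDC core.
    """
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(["openid", *extra_scopes]),
        "state": state,
        "nonce": nonce,
    })
    return f"{authorize_endpoint}?{query}"

def groups_from_claims(claims, claim_name="groups", realm="oidc"):
    """Turn a group claim into local group names.

    `claims` must come from an ID token whose signature, issuer, audience,
    expiry and nonce were already verified; this function does none of that.
    The '<name>-<realm>' form is a hypothetical naming scheme.
    """
    raw = claims.get(claim_name, [])
    if isinstance(raw, str):          # tolerate a single string value
        raw = [raw]
    if not isinstance(raw, list):     # unexpected shape: grant nothing
        return []
    accepted = {f"{g}-{realm}" for g in raw
                if isinstance(g, str) and GROUP_NAME.fullmatch(g)}
    return sorted(accepted)

# Constructed sample claims, not taken from any real provider.
SAMPLE_CLAIMS = {
    "sub": "1234",
    "email": "alice@example.com",
    "groups": ["admins", "ops team", "../root", "admins", 42, "dev-ops"],
}

if __name__ == "__main__":
    print(build_auth_url("https://idp.example.com/authorize", "pve",
                         "https://pve.example.com:8006", "s1", "n1"))
    print(groups_from_claims(SAMPLE_CLAIMS))
```

Names that fail the pattern are dropped rather than rewritten, so a value controlled by the identity provider cannot be coerced into a different local group name.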