From: Julien BLAIS <webmaster@jbsky.fr>
To: pve-devel@lists.proxmox.com
Cc: Julien BLAIS <webmaster@jbsky.fr>
Subject: [pve-devel] [PATCH] [PATCH pve-http-server] SSO feature: login with SAMLv2
Date: Thu, 27 May 2021 23:55:13 +0200 [thread overview]
Message-ID: <20210527215511.28243-3-webmaster@jbsky.fr> (raw)
In-Reply-To: <20210527215511.28243-1-webmaster@jbsky.fr>
Add a formatted page that allows redirection.
For performance reasons, a raw format is used instead of a redirection initiated by the HTTP header.
/!\ Modification of the redirection URL for the /access/ticket endpoint.
Signed-off-by: Julien BLAIS <webmaster@jbsky.fr>
---
src/PVE/APIServer/Formatter/HTML.pm | 25 ++++++++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/src/PVE/APIServer/Formatter/HTML.pm b/src/PVE/APIServer/Formatter/HTML.pm
index 743d0ad..3a90aa8 100644
--- a/src/PVE/APIServer/Formatter/HTML.pm
+++ b/src/PVE/APIServer/Formatter/HTML.pm
@@ -277,7 +277,7 @@ PVE::APIServer::Formatter::register_page_formatter(
my $cookie = PVE::APIServer::Formatter::create_auth_cookie(
$data->{ticket}, $config->{cookie_name});
- my $headers = HTTP::Headers->new(Location => $get_portal_base_url->($config),
+ my $headers = HTTP::Headers->new(Location => '/',
'Set-Cookie' => $cookie);
return HTTP::Response->new(301, "Moved", $headers);
}
@@ -293,4 +293,27 @@ PVE::APIServer::Formatter::register_page_formatter(
return ($raw, $portal_ct);
});
+PVE::APIServer::Formatter::register_page_formatter(
+ 'format' => $portal_format,
+ method => 'GET',
+ path => "/access/saml",
+ code => sub {
+ my ($res, $data, $param, $path, $auth, $config) = @_;
+
+ # Get realm from cookie, see TODO part in POST /access/ticket
+ my $cookie = PVE::APIServer::Formatter::create_auth_cookie(
+ $data->{realm}, 'realm');
+
+ my $page = qq[<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+ <html>
+ <body>
+ <script type="text/javascript">if ('$data->{url}' != '') window.location.href='$data->{url}';</script>
+ </body>
+ </html>
+ ];
+ my $headers = HTTP::Headers->new('Set-Cookie' => $cookie);
+ return HTTP::Response->new(200, "Moved", $headers, $page);
+
+ });
+
1;
--
2.20.1
next prev parent reply other threads:[~2021-05-27 21:57 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-27 21:55 [pve-devel] [PATCH] [PATCH pve-access-control] " Julien BLAIS
2021-05-27 21:55 ` [pve-devel] [PATCH] [PATCH pve-cluster] " Julien BLAIS
2021-05-27 21:55 ` Julien BLAIS [this message]
2021-05-27 21:55 ` [pve-devel] [PATCH container] [PATCH pve-manager] " Julien BLAIS
2021-05-28 7:38 ` [pve-devel] [PATCH] [PATCH pve-access-control] " Thomas Lamprecht
2021-05-28 12:11 ` [pve-devel] RE : [PATCH] [PATCH pve-access-control] SSO feature: loginwith SAMLv2 wb
2021-05-31 8:03 [pve-devel] [PATCH] [PATCH pve-http-server] SSO feature: login with SAMLv2 Dietmar Maurer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210527215511.28243-3-webmaster@jbsky.fr \
--to=webmaster@jbsky.fr \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox