From: Julien BLAIS <webmaster@jbsky.fr>
To: pve-devel@lists.proxmox.com
Cc: Julien BLAIS <webmaster@jbsky.fr>
Subject: [pve-devel] [PATCH container] [PATCH pve-manager] SSO feature: login with SAMLv2
Date: Thu, 27 May 2021 23:55:14 +0200 [thread overview]
Message-ID: <20210527215511.28243-4-webmaster@jbsky.fr> (raw)
In-Reply-To: <20210527215511.28243-1-webmaster@jbsky.fr>
Part adding the UI for a SAML authentication realm
Adding the rule that the endpoint /access/saml does not require authentication
Signed-off-by: Julien BLAIS <webmaster@jbsky.fr>
---
PVE/HTTPServer.pm | 3 +-
www/manager6/Makefile | 1 +
www/manager6/Utils.js | 5 +++
www/manager6/dc/AuthEditSAML.js | 65 +++++++++++++++++++++++++++++++++
4 files changed, 73 insertions(+), 1 deletion(-)
create mode 100644 www/manager6/dc/AuthEditSAML.js
diff --git a/PVE/HTTPServer.pm b/PVE/HTTPServer.pm
index 636b562b..3e64943a 100755
--- a/PVE/HTTPServer.pm
+++ b/PVE/HTTPServer.pm
@@ -68,7 +68,8 @@ sub auth_handler {
# explicitly allow some calls without auth
if (($rel_uri eq '/access/domains' && $method eq 'GET') ||
- ($rel_uri eq '/access/ticket' && ($method eq 'GET' || $method eq 'POST'))) {
+ ($rel_uri eq '/access/ticket' && ($method eq 'GET' || $method eq 'POST')) ||
+ ($rel_uri eq '/access/saml' && $method eq 'GET' )) {
$require_auth = 0;
}
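Review bot: The new `/access/saml` clause opens an unauthenticated endpoint but leaves no trace of why, and the comment above the condition ("explicitly allow some calls without auth") does not say what the handler is expected to do about the missing auth; a one-line comment such as `# /access/saml is the SAML entry point: the handler itself must validate the IdP response (signature, audience, expiry) since no ticket is checked here` would make the contract visible to the next reader. Only `GET` is allowed, whereas the existing `/access/ticket` line allows both `GET` and `POST`; if the IdP returns its response with the HTTP-POST binding the exemption as written will not cover it, so the method set should be confirmed against the binding the backend actually uses. The stray space in `$method eq 'GET' )` should also be dropped to match the line above. `auth_handler` begins before this hunk.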
diff --git a/www/manager6/Makefile b/www/manager6/Makefile
index 506b5a4e..fc89215e 100644
--- a/www/manager6/Makefile
+++ b/www/manager6/Makefile
@@ -119,6 +119,7 @@ JSSRC= \
dc/AuthEditBase.js \
dc/AuthEditAD.js \
dc/AuthEditLDAP.js \
+ dc/AuthEditSAML.js \
dc/AuthView.js \
dc/Backup.js \
dc/Cluster.js \
diff --git a/www/manager6/Utils.js b/www/manager6/Utils.js
index d9567979..600b81e9 100644
--- a/www/manager6/Utils.js
+++ b/www/manager6/Utils.js
@@ -740,6 +740,11 @@ Ext.define('PVE.Utils', {
syncipanel: 'pveAuthLDAPSyncPanel',
add: true,
},
+ saml: {
+ name: gettext('SAMLv2'),
+ ipanel: 'pveAuthSAMLPanel',
+ add: true,
+ },
pam: {
name: 'Linux PAM',
ipanel: 'pveAuthBasePanel',
diff --git a/www/manager6/dc/AuthEditSAML.js b/www/manager6/dc/AuthEditSAML.js
new file mode 100644
index 00000000..3794bccd
--- /dev/null
+++ b/www/manager6/dc/AuthEditSAML.js
@@ -0,0 +1,65 @@
+Ext.define('PVE.panel.SAMLInputPanel', {
+ extend: 'PVE.panel.AuthBase',
+ xtype: 'pveAuthSAMLPanel',
+
+ initComponent: function() {
+ let me = this;
+
+ if (me.type !== 'saml') {
+ throw 'invalid type';
+ }
+
+ me.column1 = [
+ {
+ xtype: 'textfield',
+ name: 'Identity_Provider_Entity_ID',
+ fieldLabel: gettext('IdP Entity ID'),
+ emptyText: '',
+ allowBlank: false,
+ },
+ {
+ xtype: 'textfield',
+ name: 'Identity_Provider_Url_Metadata',
+ emptyText: '',
+ fieldLabel: gettext('IdP Url Metadata'),
+ allowBlank: true,
+ },
+ {
+ name: 'Identity_Provider_x509_CA_Certificate',
+ emptyText: '',
+ fieldLabel: gettext('IdP x509 CA Certificate'),
+ allowBlank: true,
+ xtype: 'textarea',
+ },
+ ];
+
+ me.column2 = [
+ {
+ xtype: 'textfield',
+ fieldLabel: gettext('SP Entity ID'),
+ allowBlank: false,
+ name: 'Service_Provider_Entity_ID',
+ },
+ {
+ xtype: 'textarea',
+ fieldLabel: gettext('SP Private key'),
+ allowBlank: true,
+ name: 'Service_Provider_Private_Key',
+ }
+ ];
+
+ me.callParent();
+ },
+ onGetValues: function(values) {
+ let me = this;
+
+ if (!values.verify) {
+ if (!me.isCreate) {
+ Proxmox.Utils.assemble_field_data(values, { 'delete': 'verify' });
+ }
+ delete values.verify;
+ }
+
+ return me.callParent([values]);
+ },
+});
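Review bot: `onGetValues` removes `values.verify` and issues `delete: 'verify'` on edit, but no field named `verify` is defined in `column1` or `column2`, so this branch never does anything and looks like a leftover from the LDAP panel it was copied from; either add the field it handles or drop the override. The IdP CA certificate (`Identity_Provider_x509_CA_Certificate`) is `allowBlank: true` while it appears to be what the SP would use to check assertion signatures; if the backend requires it, the panel should enforce `allowBlank: false` so a realm cannot be saved in a state that cannot validate responses. Minor points: `emptyText: ''` on three fields is a no-op and can be removed, and the last object in `column2` is missing the trailing comma the other entries use.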
--
2.20.1