From: Thomas Skinner <thomas@atskinner.net>
To: pve-devel@lists.proxmox.com
Cc: Thomas Skinner <thomas@atskinner.net>
Subject: [pve-devel] [PATCH SERIES openid/access-control/docs/manager] fix #4411: add support for openid groups
Date: Sun, 1 Sep 2024 11:55:08 -0500 [thread overview]
Message-ID: <20240901165512.687801-1-thomas@atskinner.net> (raw)
This patch series adds support for groups for OpenID logins.
The following options are implemented:
- Configurable claim for retrieving a list of groups and adding them to the
user in PVE
- Allowing "synchronization" of groups on login by overriding groups assigned
to the user in PVE (this option is off by default)
- Replacing invalid characters in group names with a configurable valid characters
(by default, this is an underscore '_')
The logic implemented by this patch expects the groups claim in the ID token/userinfo
endpoint to send a list of groups.
This patch also adds support for using additional claims from the OpenID provider
by exposing all additional claims and their values from the ID token (previously
only available for the userinfo endpoint). This is necessary for OpenID providers
that do not support additional information in the userinfo endpoint.
proxmox/proxmox-openid:
Thomas Skinner (1):
fix #4411: openid: add library code for openid groups support
proxmox-openid/src/lib.rs | 55 +++++++++++++++++++++++++++++++++------
1 file changed, 47 insertions(+), 8 deletions(-)
pve-access-control:
Thomas Skinner (1):
fix #4411: openid: add logic for openid groups support
src/PVE/API2/OpenId.pm | 32 ++++++++++++++++++++++++++++++++
src/PVE/Auth/OpenId.pm | 21 +++++++++++++++++++++
2 files changed, 53 insertions(+)
pve-docs:
Thomas Skinner (1):
fix #4411: openid: add docs for openid groups support
api-viewer/apidata.js | 40 ++++++++++++++++++++++++++++++++++++++++
pveum.adoc | 32 ++++++++++++++++++++++++++++++++
2 files changed, 72 insertions(+)
pve-manager:
Thomas Skinner (1):
fix #4411: openid: add ui config for openid groups support
www/manager6/dc/AuthEditOpenId.js | 35 ++++++++++++++++++++++++++++---
1 file changed, 32 insertions(+), 3 deletions(-)
--
2.39.2
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
next reply other threads:[~2024-09-02 8:05 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-01 16:55 Thomas Skinner [this message]
2024-09-01 16:55 ` [pve-devel] [PATCH docs 1/1] fix #4411: openid: add docs for openid groups support Thomas Skinner
2024-09-01 16:55 ` [pve-devel] [PATCH openid 1/1] fix #4411: openid: add library code " Thomas Skinner
2024-09-01 16:55 ` [pve-devel] [PATCH access-control 1/1] fix #4411: openid: add logic " Thomas Skinner
2024-09-01 16:55 ` [pve-devel] [PATCH manager 1/1] fix #4411: openid: add ui config " Thomas Skinner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240901165512.687801-1-thomas@atskinner.net \
--to=thomas@atskinner.net \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox