* Re: [pve-devel] [PATCH] [PATCH pve-http-server] SSO feature: login with SAMLv2
@ 2021-05-31 8:03 Dietmar Maurer
2021-05-31 9:49 ` [pve-devel] RE : [PATCH] [PATCH pve-http-server] SSO feature: loginwith SAMLv2 wb
0 siblings, 1 reply; 3+ messages in thread
From: Dietmar Maurer @ 2021-05-31 8:03 UTC (permalink / raw)
To: Proxmox VE development discussion, Julien BLAIS
I am trying to test your code, so I need a SAML Identity provider. What is
the best OSS implementation for that?
I tried lemonldap-ng, but there example configuration is a nightmare and
I was unable to get that running. Is there anything else I can use to test?.
- Dietmar
^ permalink raw reply [flat|nested] 3+ messages in thread
* [pve-devel] RE : [PATCH] [PATCH pve-http-server] SSO feature: loginwith SAMLv2
2021-05-31 8:03 [pve-devel] [PATCH] [PATCH pve-http-server] SSO feature: login with SAMLv2 Dietmar Maurer
@ 2021-05-31 9:49 ` wb
0 siblings, 0 replies; 3+ messages in thread
From: wb @ 2021-05-31 9:49 UTC (permalink / raw)
To: Dietmar Maurer, Proxmox VE development discussion
Hi,
You can find the instructions on your forum at this address with keycloak as IdP.
⇨ https://forum.proxmox.com/threads/auth-module-openid-connect.79987/#post-390606
Keycloak is very easy to set up. You can even start from a docker container.
I will test later with lemonldap-ng to see if my code works with it.
Sincerely,
Julien Blais
De : Dietmar Maurer
Envoyé le :lundi 31 mai 2021 10:04
À : Proxmox VE development discussion; Julien BLAIS
Objet :Re: [pve-devel] [PATCH] [PATCH pve-http-server] SSO feature: loginwith SAMLv2
I am trying to test your code, so I need a SAML Identity provider. What is
the best OSS implementation for that?
I tried lemonldap-ng, but there example configuration is a nightmare and
I was unable to get that running. Is there anything else I can use to test?.
- Dietmar
^ permalink raw reply [flat|nested] 3+ messages in thread
* [pve-devel] [PATCH] [PATCH pve-http-server] SSO feature: login with SAMLv2
2021-05-27 21:55 [pve-devel] [PATCH] [PATCH pve-access-control] SSO feature: login with SAMLv2 Julien BLAIS
@ 2021-05-27 21:55 ` Julien BLAIS
0 siblings, 0 replies; 3+ messages in thread
From: Julien BLAIS @ 2021-05-27 21:55 UTC (permalink / raw)
To: pve-devel; +Cc: Julien BLAIS
Add a formatted page that allows redirection.
For performance reasons, a raw format is used instead of a redirection initiated by the HTTP header.
/!\ Modification of the redirection URL for the /access/ticket endpoint.
Signed-off-by: Julien BLAIS <webmaster@jbsky.fr>
---
src/PVE/APIServer/Formatter/HTML.pm | 25 ++++++++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/src/PVE/APIServer/Formatter/HTML.pm b/src/PVE/APIServer/Formatter/HTML.pm
index 743d0ad..3a90aa8 100644
--- a/src/PVE/APIServer/Formatter/HTML.pm
+++ b/src/PVE/APIServer/Formatter/HTML.pm
@@ -277,7 +277,7 @@ PVE::APIServer::Formatter::register_page_formatter(
my $cookie = PVE::APIServer::Formatter::create_auth_cookie(
$data->{ticket}, $config->{cookie_name});
- my $headers = HTTP::Headers->new(Location => $get_portal_base_url->($config),
+ my $headers = HTTP::Headers->new(Location => '/',
'Set-Cookie' => $cookie);
return HTTP::Response->new(301, "Moved", $headers);
}
@@ -293,4 +293,27 @@ PVE::APIServer::Formatter::register_page_formatter(
return ($raw, $portal_ct);
});
+PVE::APIServer::Formatter::register_page_formatter(
+ 'format' => $portal_format,
+ method => 'GET',
+ path => "/access/saml",
+ code => sub {
+ my ($res, $data, $param, $path, $auth, $config) = @_;
+
+ # Get realm from cookie, see TODO part in POST /access/ticket
+ my $cookie = PVE::APIServer::Formatter::create_auth_cookie(
+ $data->{realm}, 'realm');
+
+ my $page = qq[<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+ <html>
+ <body>
+ <script type="text/javascript">if ('$data->{url}' != '') window.location.href='$data->{url}';</script>
+ </body>
+ </html>
+ ];
+ my $headers = HTTP::Headers->new('Set-Cookie' => $cookie);
+ return HTTP::Response->new(200, "Moved", $headers, $page);
+
+ });
+
1;
--
2.20.1
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-05-31 9:49 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-31 8:03 [pve-devel] [PATCH] [PATCH pve-http-server] SSO feature: login with SAMLv2 Dietmar Maurer
2021-05-31 9:49 ` [pve-devel] RE : [PATCH] [PATCH pve-http-server] SSO feature: loginwith SAMLv2 wb
-- strict thread matches above, loose matches on Subject: below --
2021-05-27 21:55 [pve-devel] [PATCH] [PATCH pve-access-control] SSO feature: login with SAMLv2 Julien BLAIS
2021-05-27 21:55 ` [pve-devel] [PATCH] [PATCH pve-http-server] " Julien BLAIS
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox