From: Victor Hooi
Date: Fri, 13 Nov 2020 04:55:21 +1100
To: PVE development discussion
Subject: [pve-devel] SSO (OAuth2 / OpenID Connect) support in Proxmox 2020/2021?

Hi,

Is there any update on SSO support in Proxmox?

I know there was an earlier thread asking about OAuth2 from 2018:

https://lists.proxmox.com/pipermail/pve-devel/2018-March/031317.html

and they mentioned it might be possible to swap in a Perl OAuth2 module.

I don't know much about Perl or its ecosystem, but I just Googled and found these two:

https://metacpan.org/changes/distribution/LWP-Authen-OAuth2
https://metacpan.org/pod/Net::OAuth2

Our use case is to use Google as the OAuth2 endpoint, so that users can authenticate against their Google/Gmail account - in fact I saw there's even a specific module for that:

https://metacpan.org/pod/LWP::Authen::OAuth2::ServiceProvider::Google

On the SAML front I saw this forum thread:

https://forum.proxmox.com/threads/http-authentication-saml-single-sign-on.33701/
https://bugzilla.proxmox.com/show_bug.cgi?id=1583

(SAML seems less in vogue these days, and OAuth2, OpenID-Connect are more used - e.g.: https://developers.google.com/identity/protocols/oauth2/openid-connect)

Is support for something like this possible to add to Proxmox?

Thanks,
Victor