[pmg-devel] [PATCH pve-common/proxmox-perl-rs/pmg-api/pmg-gui v3 0/8] fix #3892: OpenID

Christoph Heiss c.heiss at proxmox.com
Wed Oct 9 13:30:19 CEST 2024


Just tested this series using Keycloak 26.0.0 as an OpenID provider.

Everything worked fine once it was set up for the OpenID side! Login via
OpenID worked, also tested the "Autocreate Users" feature (but see below
on that). The GUI dialog panel is from proxmox-widget-toolkit, so
nothing really new there.

I noticed however that there seems to be no dedicated PAM realm in the
login window, only PMG authentication server - but you can still log in
with PAM credentials. These two should be real separate realms, much
like we have it for PVE/PBS.

Also, when using the "Autocreate Users" feature - should the (PMG) role
assigned to the user maybe be configurable? Since it currently just
defaults to Auditor, as it seems. (or am I missing something?)

Lastly, patches #2 and #3 need to be rebased on the latest master
of proxmox-perl-rs, they failed to apply (resolved that manually myself
to test them out for now). All other patches in this series apply on
their respective master cleanly.

Didn't really have a look at the code yet, so might do some reviews on
that too.

On Mon, Jun 24, 2024 at 11:08:42AM GMT, Markus Frank wrote:
> Patch-series to enable OpenID Login for PMG
>
> apply/compile order:
>
> 1. pve-common: add Schema package with auth module that contains realm sync options
> 2. proxmox-perl-rs: move openid code from pve-rs to common
> 3. proxmox-perl-rs: remove empty PMG::RS::OpenId package to avoid confusion
> 4. pmg-api: config: add plugin system for realms & add openid type realms
> 5. pmg-api: api: add/update/remove realms like in PVE
> 6. pmg-api: api: openid login similar to PVE
> 7. pmg-gui: login: add option to login with OpenID realm
> 8. pmg-gui: add panel for realms to User Management
>
>
> v3 changed only in proxmox-perl-rs and "pmg-api: api: openid login similar to PVE"
>
>
> pve-common:
>
> Markus Frank (1):
>   add Schema package with auth module that contains realm sync options
>
>  src/Makefile           |  2 ++
>  src/PVE/Schema/Auth.pm | 82 ++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 84 insertions(+)
>  create mode 100644 src/PVE/Schema/Auth.pm
>
>
> proxmox-perl-rs:
>
> v3: removed PMG wrapper as Proxmox::RS:OpenId can be used instead.
>
> Markus Frank (2):
>   move openid code from pve-rs to common
>   remove empty PMG::RS::OpenId package to avoid confusion
>
>  common/pkg/Makefile      |  1 +
>  common/src/mod.rs        |  1 +
>  common/src/openid/mod.rs | 63 ++++++++++++++++++++++++++++++++++++++++
>  pmg-rs/Cargo.toml        |  1 +
>  pmg-rs/Makefile          |  1 -
>  pmg-rs/debian/control    |  1 +
>  pve-rs/src/openid/mod.rs | 32 +++++---------------
>  7 files changed, 75 insertions(+), 25 deletions(-)
>  create mode 100644 common/src/openid/mod.rs
>
>
> pmg-api:
>
> v3: use Proxmox::RS:OpenId instead of PMG::RS::OpenId
>
> Markus Frank (3):
>   config: add plugin system for realms & add openid type realms
>   api: add/update/remove realms like in PVE
>   api: openid login similar to PVE
>
>  src/Makefile                  |   5 +
>  src/PMG/API2/AccessControl.pm |  17 ++-
>  src/PMG/API2/Authdomains.pm   | 274 ++++++++++++++++++++++++++++++++++
>  src/PMG/API2/OIDC.pm          | 243 ++++++++++++++++++++++++++++++
>  src/PMG/AccessControl.pm      |  31 ++++
>  src/PMG/Auth/OIDC.pm          |  99 ++++++++++++
>  src/PMG/Auth/PMG.pm           |  28 ++++
>  src/PMG/Auth/Plugin.pm        | 193 ++++++++++++++++++++++++
>  src/PMG/HTTPServer.pm         |   2 +
>  src/PMG/RESTEnvironment.pm    |  14 ++
>  src/PMG/UserConfig.pm         |  25 ++--
>  src/PMG/Utils.pm              |  29 +++-
>  12 files changed, 943 insertions(+), 17 deletions(-)
>  create mode 100644 src/PMG/API2/Authdomains.pm
>  create mode 100644 src/PMG/API2/OIDC.pm
>  create mode 100755 src/PMG/Auth/OIDC.pm
>  create mode 100755 src/PMG/Auth/PMG.pm
>  create mode 100755 src/PMG/Auth/Plugin.pm
>
>
> pmg-gui:
>
> Markus Frank (2):
>   login: add OpenID realms
>   add panel for realms to User Management
>
>  js/LoginView.js      | 200 +++++++++++++++++++++++++++++++++----------
>  js/UserManagement.js |   6 ++
>  js/Utils.js          |  15 ++++
>  3 files changed, 174 insertions(+), 47 deletions(-)
>
> --
> 2.39.2