[pmg-devel] [PATCH pve-common/perl-rs/pmg-api/widget-toolkit/pmg-gui v4 0/10] fix #3892: OpenID Connect

Stoiko Ivanov s.ivanov at proxmox.com
Mon Feb 17 12:47:00 CET 2025 

Looked a bit more through the code - looks ok as it is adapted from
the equivalent modules in PVE it should also work fine.

Currently the naming of OpenID (as we used it in PVE and PBS) vs.
OIDC/OpenID Connect (which would be more correct) in this series is quite
mixed.

I guess based on the feedback from Christoph:
https://lore.proxmox.com/pmg-devel/ohu4ixitjhxht7tpjskog5mgzqzsygpqahsfcfsnlzz4iqijqm@7cdgsj47cwwu/T/#mbdc24acf0a6120884b48f573c123b4b061f5a7a8
and Thomas:
https://lore.proxmox.com/pmg-devel/20240402112721.14405-1-m.frank@proxmox.com/T/#m4cd74983f35eeac791d43bf118ef4073f7f416d4
respectively.

As you're moving part of the common things around anyways this would be
the occasion to rename things to OIDC and pull those changes in PVE
(at least where it shares the proxmox-rs part).



On Tue, 14 Jan 2025 10:30:00 +0100
Markus Frank <m.frank at proxmox.com> wrote:

> Patch-series to enable OpenID Connect Login for PMG
> 
> apply/compile order:
> 
> pve-common: 
>  1 add Schema package with auth module that contains realm sync options
> 
> proxmox-perl-rs:
>  2 move openid code from pve-rs to common
>  3 remove empty PMG::RS::OpenId package to avoid confusion 
> 
> pmg-api:
>  4 config: add plugin system for realms
>  5 config: add openid type realm
>  6 api: add/update/remove realms like in PVE
>  7 api: openid login similar to PVE
> 
> proxmox-widget-toolkit:
>  8 fix: window: AuthEditBase: rename variable 'realm' to 'type'
> 
> pmg-gui:
>  9 login: add option to login with OpenID realm
> 10 add panel for realms to User Management
> 
> 
> 
> v4:
> * split "config: add plugin system for realms & add openid type realms"
>  patch into two patches
> * use the name 'OpenId' for filenames, but use 'OIDC' as realm type name
> * added autocreate-role option to set the role for automatically created
>  users in a realm, but currently not exposed in GUI (needs a lot of
>  changes in pmg-gui and proxmox-widget-toolkit)
> 
> 
> pve-common:
> 
> Markus Frank (1):
>   add Schema package with auth module that contains realm sync options
> 
>  src/Makefile           |  2 ++
>  src/PVE/Schema/Auth.pm | 82 ++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 84 insertions(+)
>  create mode 100644 src/PVE/Schema/Auth.pm
> 
> 
> proxmox-perl-rs:
> 
> Markus Frank (2):
>   move openid code from pve-rs to common
>   remove empty PMG::RS::OpenId package to avoid confusion
> 
>  common/pkg/Makefile      |  1 +
>  common/src/mod.rs        |  1 +
>  common/src/openid/mod.rs | 63 ++++++++++++++++++++++++++++++++++++++++
>  pmg-rs/Cargo.toml        |  1 +
>  pmg-rs/Makefile          |  1 -
>  pmg-rs/debian/control    |  1 +
>  pve-rs/src/openid/mod.rs | 32 +++++---------------
>  7 files changed, 75 insertions(+), 25 deletions(-)
>  create mode 100644 common/src/openid/mod.rs
> 
> 
> pmg-api:
> 
> Markus Frank (4):
>   config: add plugin system for realms
>   config: add openid type realm
>   api: add/update/remove realms like in PVE
>   api: openid login similar to PVE
> 
>  src/Makefile                  |   6 +
>  src/PMG/API2/AccessControl.pm |  17 ++-
>  src/PMG/API2/Authdomains.pm   | 274 ++++++++++++++++++++++++++++++++++
>  src/PMG/API2/OpenId.pm        | 243 ++++++++++++++++++++++++++++++
>  src/PMG/AccessControl.pm      |  33 ++++
>  src/PMG/Auth/OpenId.pm        |  95 ++++++++++++
>  src/PMG/Auth/PAM.pm           |  22 +++
>  src/PMG/Auth/PMG.pm           |  39 +++++
>  src/PMG/Auth/Plugin.pm        | 199 ++++++++++++++++++++++++
>  src/PMG/HTTPServer.pm         |   2 +
>  src/PMG/RESTEnvironment.pm    |  14 ++
>  src/PMG/UserConfig.pm         |  25 ++--
>  src/PMG/Utils.pm              |  29 +++-
>  13 files changed, 981 insertions(+), 17 deletions(-)
>  create mode 100644 src/PMG/API2/Authdomains.pm
>  create mode 100644 src/PMG/API2/OpenId.pm
>  create mode 100755 src/PMG/Auth/OpenId.pm
>  create mode 100755 src/PMG/Auth/PAM.pm
>  create mode 100755 src/PMG/Auth/PMG.pm
>  create mode 100755 src/PMG/Auth/Plugin.pm
> 
> 
> widget-toolkit:
> 
> Markus Frank (1):
>   fix: window: AuthEditBase: rename variable 'realm' to 'type'
> 
>  src/window/AuthEditBase.js | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> 
> pmg-gui:
> 
> Markus Frank (2):
>   login: add OpenID realms
>   add panel for realms to User Management
> 
>  js/LoginView.js      | 208 ++++++++++++++++++++++++++++++++-----------
>  js/UserManagement.js |   6 ++
>  js/Utils.js          |  23 +++++
>  3 files changed, 186 insertions(+), 51 deletions(-)
>

More information about the pmg-devel mailing list