[pmg-devel] [PATCH perl-rs/pmg-api/widget-toolkit/pmg-gui v8 0/13] fix #3892: OpenID Connect

Markus Frank m.frank at proxmox.com
Wed Feb 26 15:07:27 CET 2025 

Patch-series to enable OpenID Connect Login for PMG

apply/compile order:

proxmox-perl-rs:
 1 move openid code from pve-rs to common
 2 remove empty PMG::RS::OpenId package to avoid confusion 

pmg-api:
 3 config: add plugin system for authentication realms
 4 config: add oidc type authentication realm
 5 api: add/update/remove authentication realms like in PVE
 6 api: oidc login similar to PVE
 7 api: users: create user with a specified realm

proxmox-widget-toolkit:
 8 fix: window: AuthEditBase: rename variable 'realm' to 'type'
 9 fix: panel: AuthView: change API path in pmx-domains model
10 form: RealmComboBox: add option to change the API path

pmg-gui:
11 login: add option to login with OIDC realm
12 add realms panel to user management
13 user: add realm field for user creation


I still need to add an autocreate-role option to the WebUI. I will send
it as follow-up patch or in the next iteration if this series cannot be
applied yet.


v8:
* added "user: add realm field for user creation" patch
* added defaults in "config: add oidc type authentication realm"
* fixed "Use of uninitialized value in string" when realm is not set at
 user creation


v7:
* removed "pve-common: add Schema package with auth module that contains
 realm sync options" patch
* added "pmg-api: api: users: create user with a specified realm" patch
* removed tfa related code
* save realms after the username like in v5: username at realm

v6:
* renamed Realm to AuthRealm and renamed every domain variable to realm
* changed realm API-path from access/domains to access/auth-realm

v5:
* renamed openid/OpenId variables, filenames and modules to oidc/OIDC
 wherever possible
* renamed Authdomains to Realm

v4:
* split "config: add plugin system for realms & add openid type realms"
 patch into two patches
* use the name 'OpenId' for filenames, but use 'OIDC' as realm type name
* added autocreate-role option to set the role for automatically created
 users in a realm, but currently not exposed in GUI (needs a lot of
 changes in pmg-gui and proxmox-widget-toolkit)



proxmox-perl-rs:

Markus Frank (2):
  move openid code from pve-rs to common
  remove empty PMG::RS::OpenId package to avoid confusion

 common/pkg/Makefile      |  1 +
 common/src/mod.rs        |  1 +
 common/src/oidc/mod.rs   | 63 ++++++++++++++++++++++++++++++++++++++++
 pmg-rs/Cargo.toml        |  1 +
 pmg-rs/Makefile          |  1 -
 pmg-rs/debian/control    |  1 +
 pve-rs/src/openid/mod.rs | 32 +++++---------------
 7 files changed, 75 insertions(+), 25 deletions(-)
 create mode 100644 common/src/oidc/mod.rs



pmg-api:

Markus Frank (5):
  config: add plugin system for authentication realms
  config: add oidc type authentication realm
  api: add/update/remove authentication realms like in PVE
  api: oidc login similar to PVE
  api: users: create user with a specified realm

 src/Makefile                  |   6 +
 src/PMG/API2/AccessControl.pm |  17 ++-
 src/PMG/API2/AuthRealm.pm     | 264 ++++++++++++++++++++++++++++++++++
 src/PMG/API2/OIDC.pm          | 243 +++++++++++++++++++++++++++++++
 src/PMG/API2/Users.pm         |   4 +
 src/PMG/AccessControl.pm      |  40 ++++++
 src/PMG/Auth/OIDC.pm          | 103 +++++++++++++
 src/PMG/Auth/PAM.pm           |  21 +++
 src/PMG/Auth/PMG.pm           |  37 +++++
 src/PMG/Auth/Plugin.pm        | 202 ++++++++++++++++++++++++++
 src/PMG/HTTPServer.pm         |   4 +-
 src/PMG/RESTEnvironment.pm    |  14 ++
 src/PMG/UserConfig.pm         |  26 ++--
 src/PMG/Utils.pm              |  29 +++-
 14 files changed, 991 insertions(+), 19 deletions(-)
 create mode 100644 src/PMG/API2/AuthRealm.pm
 create mode 100644 src/PMG/API2/OIDC.pm
 create mode 100755 src/PMG/Auth/OIDC.pm
 create mode 100755 src/PMG/Auth/PAM.pm
 create mode 100755 src/PMG/Auth/PMG.pm
 create mode 100755 src/PMG/Auth/Plugin.pm


widget-toolkit:

Markus Frank (3):
  fix: window: AuthEditBase: rename variable 'realm' to 'type'
  panel: AuthView: change API path in pmx-domains model
  form: RealmComboBox: add option to change the API path

 src/form/RealmComboBox.js  |  2 ++
 src/panel/AuthView.js      | 21 +++++++++++++--------
 src/window/AuthEditBase.js |  4 ++--
 3 files changed, 17 insertions(+), 10 deletions(-)



pmg-gui:

Markus Frank (3):
  login: add option to login with OIDC realm
  add realms panel to user management
  user: add realm field for user creation

 js/LoginView.js      | 209 ++++++++++++++++++++++++++++++++-----------
 js/UserEdit.js       |  47 ++++++++--
 js/UserManagement.js |   8 ++
 js/Utils.js          |  16 ++++
 4 files changed, 222 insertions(+), 58 deletions(-)

-- 
2.39.5

More information about the pmg-devel mailing list