[pve-devel] RE : RE : [PATCH] [PATCH pve-access-control] SSO feature:login with SAMLv2

Dietmar Maurer dietmar at proxmox.com
Wed Jun 2 12:48:15 CEST 2021

> On 06/02/2021 12:16 PM wb <webmaster at jbsky.fr> wrote:
> > I also wonder why SAML? Would it be an option to use OpenId connect instead?
> As I was able to use SAML, I know the functional part and therefore, if I used SAML, it is only by ease.
> Switch to OpenID, why not. The time I set up a functional POC.
> On the other hand, I would like to know your constraints.

Sorry, what do you want to know exactly?

> Do you still want to use Rust? 

Yes. But I am still searching for usable crates:

openidconnect: https://github.com/ramosbugs/openidconnect-rs

Seems promising, but I have not done any testing so far...

> If yes, I am curious to know how to bind perl to Rust? Do you have an example?


Hope the inline docs and examples are good enough to start...

> I noticed from our exchange :
> During an API call, if the user is not authenticated, do not pass in private and privileged the writing on /tmp/.

yes, unprivileged users should not be able to write anything.

More information about the pve-devel mailing list