[pve-devel] [PATCH SERIES access-control/docs/manager/proxmox-openid v4] fix #4411: add support for openid groups

Thomas Skinner thomas at atskinner.net
Thu Mar 27 02:51:10 CET 2025 

On Tue, Mar 25, 2025 at 11:36 AM Mira Limbeck <m.limbeck at proxmox.com> wrote:
>
> > Thomas Skinner <thomas at atskinner.net> hat am 24.03.2025 03:37 CET geschrieben:
> >
> >
> > Changes since v3:
> > - removed all code/settings/docs for group name replacement characters
> > - conditionally print user added to groups message
> >
> > access-control:
> >
> > Thomas Skinner (1):
> >   fix #4411: openid: add logic for openid groups support
> >
> >  src/PVE/API2/OpenId.pm   | 83 ++++++++++++++++++++++++++++++++++++++++
> >  src/PVE/AccessControl.pm |  2 +-
> >  src/PVE/Auth/OpenId.pm   | 25 ++++++++++++
> >  src/PVE/Auth/Plugin.pm   |  1 +
> >  4 files changed, 110 insertions(+), 1 deletion(-)
> >
> >
> > docs:
> >
> > Thomas Skinner (1):
> >   fix #4411: openid: add docs for openid groups support
> >
> >  pveum.adoc | 37 +++++++++++++++++++++++++++++++++++++
> >  1 file changed, 37 insertions(+)
> >
> >
> > manager:
> >
> > Thomas Skinner (1):
> >   fix #4411: openid: add ui config for openid groups support
> >
> >  www/manager6/dc/AuthEditOpenId.js | 34 ++++++++++++++++++++++++++++---
> >
> >
> > proxmox-openid:
> >
> > Thomas Skinner (1):
> >   fix #4411: openid: add library code for generic id token claim support
> >
> >  proxmox-openid/src/lib.rs | 55 +++++++++++++++++++++++++++++++++------
> > --
> > 2.39.5
> >
> >
> > _______________________________________________
> > pve-devel mailing list
> > pve-devel at lists.proxmox.com
> > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
> Thank you for the v4!
>
> I gave it a spin with Authentik again as OIDC provider.
> It behaved as expected, including the log message for invalid group
> names:
> ```
> Mar 25 17:24:26 pve80-ceph18-staging-1 pvedaemon[31077]: openid group
> 'test!2345' contains invalid characters
> ```
>
> One small issue with the docs patch, but other than that:
>
> Tested-by: Mira Limbeck <m.limbeck at proxmox.com>
>

Submitted a v5 with the doc fix. Thanks!

More information about the pve-devel mailing list