package PVE::Auth::OpenId;

# Realm plugin for OpenID Connect logins. This module only describes the
# realm's configuration schema (issuer, client credentials, auto-creation,
# username claim, prompt); it deliberately refuses password verification in
# authenticate_user() below, because identity is established by the issuer.

use strict;
use warnings;

use PVE::Tools;
use PVE::Auth::Plugin;
# NOTE(review): none of the cfs_* helpers imported here are used in this file.
use PVE::Cluster qw(cfs_register_file cfs_read_file cfs_write_file cfs_lock_file);

use base qw(PVE::Auth::Plugin);

# Realm type identifier under which this plugin is registered.
sub type {
    my $realm_type = 'openid';
    return $realm_type;
}

# JSON-schema description of the realm-specific configuration properties.
# Returns a hashref keyed by property name; the common 'default' and
# 'comment' realm options are inherited from the base plugin.
sub properties {
    # Shared shape of the bounded free-text fields.
    my %bounded_string = (type => 'string', maxLength => 256);

    my %props = (
        "issuer-url" => {
            description => "OpenID Issuer Url",
            # No scheme restriction is enforced at schema level; presumably
            # validated where discovery against the issuer happens — TODO confirm.
            %bounded_string,
        },
        "client-id" => {
            description => "OpenID Client ID",
            %bounded_string,
        },
        "client-key" => {
            description => "OpenID Client Key",
            # Secret material: treat like a password. NOTE(review): confirm the
            # API/GUI redacts it when returning realm configuration — not visible here.
            optional => 1,
            %bounded_string,
        },
        autocreate => {
            description => "Automatically create users if they do not exist.",
            optional => 1,
            type => 'boolean',
            # Off by default, so identities unknown to PVE are rejected unless an
            # administrator explicitly opts in.
            default => 0,
        },
        "username-claim" => {
            description => "OpenID claim used to generate the unique username.",
            type => 'string',
            optional => 1,
        },
        prompt => {
            description => "Specifies whether the Authorization Server prompts the End-User for reauthentication and consent.",
            type => 'string',
            # The trailing \S+ alternative is the OIDC extension variant: it admits
            # any non-whitespace value, so the named alternatives act as
            # documentation rather than an allowlist. Presumably the configured
            # value is forwarded to the authorization server as-is and the schema
            # validator anchors the pattern — verify both at the point of use.
            pattern => '(?:none|login|consent|select_account|\S+)',
            optional => 1,
        },
    );

    return \%props;
}

# Which configuration keys this realm accepts and whether they are optional.
# 'username-claim' is fixed: it cannot be changed after the realm is created,
# since re-mapping the claim would presumably re-identify existing users.
sub options {
    my %opts;

    $opts{$_} = {} for qw(issuer-url client-id);
    $opts{$_} = { optional => 1 } for qw(client-key autocreate prompt default comment);
    $opts{'username-claim'} = { optional => 1, fixed => 1 };

    return \%opts;
}

# Password-based login is never valid for an OpenID realm: the user's identity
# is established by the issuer's redirect flow, so this always dies. The
# trailing newline keeps file/line noise out of the user-facing message.
sub authenticate_user {
    my ($class, $config, $realm, $username, $password) = @_;

    my $reason = "OpenID realm does not allow password verification.\n";
    die $reason;
}


1; # a module must return a true value