[pve-access-control.git] / src / PVE / Auth / OpenId.pm

package PVE::Auth::OpenId;

use strict;
use warnings;

use PVE::Tools;
use PVE::Auth::Plugin;
use PVE::Cluster qw(cfs_register_file cfs_read_file cfs_write_file cfs_lock_file);

use base qw(PVE::Auth::Plugin);

sub type {
    return 'openid';
}

sub properties {
    return {
	"issuer-url" => {
	    description => "OpenID Issuer Url",
	    type => 'string',
	    maxLength => 256,
	},
	"client-id" => {
	    description => "OpenID Client ID",
	    type => 'string',
	    maxLength => 256,
	},
	"client-key" => {
	    description => "OpenID Client Key",
	    type => 'string',
	    optional => 1,
	    maxLength => 256,
	},
	autocreate => {
	    description => "Automatically create users if they do not exist.",
	    optional => 1,
	    type => 'boolean',
	    default => 0,
	},
	"username-claim" => {
	    description => "OpenID claim used to generate the unique username.",
	    type => 'string',
	    optional => 1,
	},
   };
}

sub options {
    return {
	"issuer-url" => {},
	"client-id" => {},
	"client-key" => { optional => 1 },
	autocreate => { optional => 1 },
	"username-claim" => { optional => 1, fixed => 1 },
	default => { optional => 1 },
	comment => { optional => 1 },
    };
}

sub authenticate_user {
    my ($class, $config, $realm, $username, $password) = @_;

    die "OpenID realm does not allow password verification.\n";
}


1;
Commit	Line	Data
52d1c1b9 DM	1	package PVE::Auth::OpenId;
	2
	3	use strict;
	4	use warnings;
	5
	6	use PVE::Tools;
	7	use PVE::Auth::Plugin;
	8	use PVE::Cluster qw(cfs_register_file cfs_read_file cfs_write_file cfs_lock_file);
	9
	10	use base qw(PVE::Auth::Plugin);
	11
	12	sub type {
	13	return 'openid';
	14	}
	15
	16	sub properties {
	17	return {
	18	"issuer-url" => {
	19	description => "OpenID Issuer Url",
	20	type => 'string',
	21	maxLength => 256,
	22	},
	23	"client-id" => {
83f0ad5d TL	24	description => "OpenID Client ID",
83f0ad5d TL	25	type => 'string',
52d1c1b9	26	maxLength => 256,
83f0ad5d TL	27	},
83f0ad5d TL	28	"client-key" => {
52d1c1b9 DM	29	description => "OpenID Client Key",
	30	type => 'string',
	31	optional => 1,
	32	maxLength => 256,
83f0ad5d TL	33	},
	34	autocreate => {
	35	description => "Automatically create users if they do not exist.",
	36	optional => 1,
	37	type => 'boolean',
	38	default => 0,
	39	},
	40	"username-claim" => {
	41	description => "OpenID claim used to generate the unique username.",
	42	type => 'string',
	43	optional => 1,
	44	},
52d1c1b9 DM	45	};
	46	}
	47
	48	sub options {
	49	return {
	50	"issuer-url" => {},
83f0ad5d TL	51	"client-id" => {},
	52	"client-key" => { optional => 1 },
	53	autocreate => { optional => 1 },
	54	"username-claim" => { optional => 1, fixed => 1 },
	55	default => { optional => 1 },
	56	comment => { optional => 1 },
52d1c1b9 DM	57	};
	58	}
	59
	60	sub authenticate_user {
	61	my ($class, $config, $realm, $username, $password) = @_;
	62
	63	die "OpenID realm does not allow password verification.\n";
	64	}
	65
	66
	67	1;