Commit | Line | Data |
---|---|---|
52d1c1b9 DM |
1 | package PVE::Auth::OpenId; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | ||
6 | use PVE::Tools; | |
7 | use PVE::Auth::Plugin; | |
8 | use PVE::Cluster qw(cfs_register_file cfs_read_file cfs_write_file cfs_lock_file); | |
9 | ||
10 | use base qw(PVE::Auth::Plugin); | |
11 | ||
# Realm type identifier for this authentication plugin.
# Returns the constant string 'openid'.
sub type {
    my $realm_type = 'openid';
    return $realm_type;
}
15 | ||
# Schema of the realm properties contributed by the OpenID plugin.
# Returns a reference to a newly built hash on every call, keyed by
# property name.
sub properties {
    my %schema;

    # Identity provider (issuer) URL. Only a length cap is declared here.
    # NOTE(review): no scheme or format restriction is visible in this
    # schema - confirm that the consumer of this value rejects non-HTTPS
    # issuers, because the issuer is the trust anchor for every login in
    # the realm.
    $schema{'issuer-url'} = {
        description => "OpenID Issuer Url",
        type        => 'string',
        maxLength   => 256,
    };

    $schema{'client-id'} = {
        description => "OpenID Client ID",
        type        => 'string',
        maxLength   => 256,
    };

    # Optional client key.
    # NOTE(review): presumably the client secret shared with the provider;
    # if so it is a credential - verify that the file holding the realm
    # configuration is not world-readable and that API output masks it.
    $schema{'client-key'} = {
        description => "OpenID Client Key",
        type        => 'string',
        optional    => 1,
        maxLength   => 256,
    };

    # Declared default is 0, i.e. users are not created implicitly unless
    # an administrator opts in.
    $schema{autocreate} = {
        description => "Automatically create users if they do not exist.",
        optional    => 1,
        type        => 'boolean',
        default     => 0,
    };

    # NOTE(review): free-form string with no enum, pattern or maxLength in
    # this schema. The chosen claim decides which local user an external
    # identity maps to, so confirm the consumer restricts it to claims the
    # provider guarantees to be unique and stable.
    $schema{'username-claim'} = {
        description => "OpenID claim used to generate the unique username.",
        type        => 'string',
        optional    => 1,
    };

    return \%schema;
}
47 | ||
# Options accepted for a realm of this type, with per-option flags.
# Returns a reference to a newly built hash on every call.
sub options {
    my %allowed;

    # Listed with no flags: neither is marked optional here.
    $allowed{$_} = {} for ('issuer-url', 'client-id');

    # Each optional entry gets its own hash so callers never share state.
    $allowed{$_} = { optional => 1 }
        for ('client-key', 'autocreate', 'default', 'comment');

    # NOTE(review): 'fixed' presumably makes the claim immutable once the
    # realm exists (section-config semantics - confirm). That matters for
    # security: changing the claim afterwards would remap external
    # identities onto existing local user names.
    $allowed{'username-claim'} = { optional => 1, fixed => 1 };

    return \%allowed;
}
59 | ||
# Password check hook for the OpenID realm: always fails.
#
# Arguments ($class, $config, $realm, $username, $password) are accepted
# but never inspected. Every call raises an exception, so a password login
# against an OpenID realm fails closed instead of returning a value a
# caller could mistake for success.
sub authenticate_user {
    my $reason = "OpenID realm does not allow password verification.\n";
    die $reason;
}
65 | ||
66 | ||
67 | 1; |