1 package PVE::Auth::OpenId;
2
3 use strict;
4 use warnings;
5
6 use PVE::Tools;
7 use PVE::Auth::Plugin;
8 use PVE::Cluster qw(cfs_register_file cfs_read_file cfs_write_file cfs_lock_file);
9
10 use base qw(PVE::Auth::Plugin);
11
# Plugin type identifier for this realm backend.
# Always returns the fixed string 'openid'; takes no arguments into account.
sub type {
    my $realm_type = 'openid';
    return $realm_type;
}
15
# Schema of the OpenID-specific realm properties.
#
# Returns a newly built hash reference on every call, keyed by property
# name; each value is the schema fragment (description, type, limits) for
# that property.
sub properties {
    my %schema;

    # Where the identity provider lives. The schema only constrains this to
    # a string of at most 256 characters.
    # NOTE(review): no scheme/format restriction is visible here - confirm
    # that whatever consumes this value insists on an https issuer.
    $schema{'issuer-url'} = {
        description => "OpenID Issuer Url",
        type => 'string',
        maxLength => 256,
    };

    # Client registration at the provider.
    $schema{'client-id'} = {
        description => "OpenID Client ID",
        type => 'string',
        maxLength => 256,
    };

    # NOTE(review): presumably the client secret. Nothing in this schema
    # marks it as sensitive - confirm that the file it is stored in is
    # access-restricted and that API responses do not echo it back.
    $schema{'client-key'} = {
        description => "OpenID Client Key",
        type => 'string',
        optional => 1,
        maxLength => 256,
    };

    # Off by default: unknown users are not provisioned unless an admin
    # explicitly enables it.
    $schema{autocreate} = {
        description => "Automatically create users if they do not exist.",
        optional => 1,
        type => 'boolean',
        default => 0,
    };

    # Selects which claim becomes the local username. No length or value
    # restriction is declared here.
    # NOTE(review): the chosen claim must be unique and stable at the
    # provider, otherwise two identities could map to one local user -
    # confirm where the claim name is validated.
    $schema{'username-claim'} = {
        description => "OpenID claim used to generate the unique username.",
        type => 'string',
        optional => 1,
    };

    return \%schema;
}
47
# Which properties an OpenID realm entry accepts, and with what flags.
#
# Returns a newly built hash reference: 'issuer-url' and 'client-id' carry
# no flags (so they are not marked optional), everything else is optional.
sub options {
    my %accepted;

    # Mandatory pair: no 'optional' flag is set on these.
    $accepted{$_} = {} for ('issuer-url', 'client-id');

    # Plain optional settings; each key gets its own hash.
    $accepted{$_} = { optional => 1 } for ('client-key', 'autocreate', 'default', 'comment');

    # NOTE(review): 'fixed' presumably prevents changing the claim after the
    # realm has been created - confirm against the section-config handling.
    # Switching the claim later would map existing identities to different
    # local usernames.
    $accepted{'username-claim'} = { optional => 1, fixed => 1 };

    return \%accepted;
}
59
# Password check entry point for this realm type.
#
# Arguments: ($class, $config, $realm, $username, $password) - none of
# them is inspected.
# Always dies: an OpenID realm refuses password verification, so no
# username/password combination can ever succeed through this path.
sub authenticate_user {
    my ($class, $config, $realm, $username, $password) = @_;

    my $refusal = "OpenID realm does not allow password verification.\n";
    die $refusal;
}
65
66
67 1;