add OpenId configuration
1 package PVE::Auth::OpenId;
2
3 use strict;
4 use warnings;
5
6 use PVE::Tools;
7 use PVE::Auth::Plugin;
8 use PVE::Cluster qw(cfs_register_file cfs_read_file cfs_write_file cfs_lock_file);
9
10 use base qw(PVE::Auth::Plugin);
11
# Identifier of this authentication plugin; always the string 'openid'.
sub type {
    my $realm_type = 'openid';
    return $realm_type;
}
15
# Property schema for the options that are specific to OpenID realms.
#
# Returns a freshly built hash reference that maps each option name to its
# definition (description, type, length limit, enum, default).
sub properties {
    my %schema;

    # NOTE(review): only a length limit is declared for the issuer URL; no
    # format or scheme restriction is visible in this schema. Confirm that the
    # value is validated (for example, https only) where it is consumed.
    $schema{'issuer-url'} = {
        description => "OpenID Issuer Url",
        type => 'string',
        maxLength => 256,
    };

    $schema{'client-id'} = {
        description => "OpenID Client ID",
        type => 'string',
        maxLength => 256,
    };

    # NOTE(review): this is the client credential presented to the identity
    # provider. How it is stored and who may read it is not visible here;
    # confirm it is kept out of API responses and logs.
    $schema{'client-key'} = {
        description => "OpenID Client Key",
        type => 'string',
        optional => 1,
        maxLength => 256,
    };

    # Off by default: users are only auto-created when explicitly enabled.
    $schema{autocreate} = {
        description => "Automatically create users if they do not exist.",
        optional => 1,
        type => 'boolean',
        default => 0,
    };

    # NOTE(review): OpenID Connect only guarantees that the subject identifier
    # is unique and never reassigned within one issuer. Usernames and e-mail
    # addresses are controlled by the provider and may change or be reused, so
    # they are safe as the local username only if the provider enforces
    # uniqueness. Which token claim 'username' maps to is not visible here.
    $schema{'username-claim'} = {
        description => "OpenID claim used to generate the unique username.",
        type => 'string',
        enum => ['subject', 'username', 'email'],
        optional => 1,
    };

    return \%schema;
}
48
# Options accepted for an OpenID realm and their per-option flags.
#
# Returns a hash reference keyed by option name. An empty flag hash means the
# option carries no flags here; the others are marked optional.
sub options {
    my %accepted;

    # No flags are set for these two options.
    $accepted{$_} = {} for qw(issuer-url client-id);

    $accepted{$_} = { optional => 1 } for qw(client-key autocreate default comment);

    # NOTE(review): 'fixed' presumably prevents changing the claim after the
    # realm has been created -- confirm against the base plugin. That would
    # matter because switching the claim later could map existing local users
    # to different identities at the provider.
    $accepted{'username-claim'} = { optional => 1, fixed => 1 };

    return \%accepted;
}
60
# Password check entry point for this realm type.
#
# Always dies: a password presented for an OpenID realm is never verified
# locally. The arguments are accepted but not used.
sub authenticate_user {
    my ($class, $config, $realm, $username, $password) = @_;

    my $reason = "OpenID realm does not allow password verification.";

    # Trailing newline keeps Perl from appending file and line to the message.
    die "$reason\n";
}
66
67
68 1;