git.proxmox.com Git - pve-access-control.git/blob - src/PVE/Auth/OpenId.pm
1 package PVE
::Auth
::OpenId
;
8 use PVE
::Cluster
qw(cfs_register_file cfs_read_file cfs_write_file cfs_lock_file);
10 use base
qw(PVE::Auth::Plugin);
19 description
=> "OpenID Issuer Url",
24 description
=> "OpenID Client ID",
29 description
=> "OpenID Client Key",
35 description
=> "Automatically create users if they do not exist.",
41 description
=> "OpenID claim used to generate the unique username.",
46 description
=> "Specifies whether the Authorization Server prompts the End-User for"
47 ." reauthentication and consent.",
# NOTE(review): the trailing \S+ alternative admits any run of non-whitespace
# characters, so the named values (none, login, consent, select_account) do not
# restrict the input on their own. Whether the alternation is anchored depends on
# how the schema validator applies 'pattern', which this page does not show.
49 pattern
=> '(?:none|login|consent|select_account|\S+)', # \S+ is the extension variant
53 description
=> "Specifies the scopes (user details) that should be authorized and"
54 ." returned, for example 'email' or 'profile'.",
# NOTE(review): scopes is declared as a plain string; the stricter 'format' is
# still commented out (see the FIXME), so no per-scope validation is visible on
# this page. Treat the value as free-form until a format is enforced.
55 type
=> 'string', # format => 'some-safe-id-list', # FIXME: TODO
56 default => "email profile",
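# Help text for the acr-values property. The two literals are concatenated with
# '.', so the second one must begin with a space to keep the words apart.
60 description
=> "Specifies the Authentication Context Class Reference values that the"
61 ." Authorization Server is being requested to use for the Auth Request.",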
# The character class rejects ASCII control characters (\x00-\x1F), DEL (\x7F),
# space and the characters < > # "; the '*' quantifier also accepts an empty value.
# NOTE(review): other characters RFC 2396 lists as "unwise" ({ } | \ ^ [ ] `) and
# '%' are still accepted, so this check does not replace URL-encoding of the value
# wherever the authorization request is built (that code is not on this page).
63 pattern
=> '^[^\x00-\x1F\x7F <>#"]*$', # Prohibit characters not allowed in URI RFC 2396.
# Per-realm option entries visible on this page: each listed property is marked
# optional => 1, and "username-claim" additionally carries fixed => 1.
# NOTE(review): 'fixed' presumably means the value cannot be changed after the
# realm is created, which would keep existing accounts from being re-mapped to a
# different claim. Confirm against the section-config base class.
73 "client-key" => { optional
=> 1 },
74 autocreate
=> { optional
=> 1 },
75 "username-claim" => { optional
=> 1, fixed
=> 1 },
76 prompt
=> { optional
=> 1 },
77 scopes
=> { optional
=> 1 },
78 "acr-values" => { optional
=> 1 },
79 default => { optional
=> 1 },
80 comment
=> { optional
=> 1 },
84 sub authenticate_user
{
85 my ($class, $config, $realm, $username, $password) = @_;
87 die "OpenID realm does not allow password verification.\n";