openid: support configuring ACR values

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht 2021-11-18 17:01:04 +01:00
parent 48e51c3383
commit bc9d11591e
2 changed files with 11 additions and 0 deletions


@ -41,6 +41,10 @@ my $lookup_openid_auth = sub {
my $scopes = $config->{'scopes'} // 'email profile'; my $scopes = $config->{'scopes'} // 'email profile';
$openid_config->{scopes} = [ PVE::Tools::split_list($scopes) ]; $openid_config->{scopes} = [ PVE::Tools::split_list($scopes) ];
if (defined(my $acr = $config->{'acr-values'})) {
$openid_config->{acr_values} = [ PVE::Tools::split_list($acr) ];
}
my $openid = PVE::RS::OpenId->discover($openid_config, $redirect_url); my $openid = PVE::RS::OpenId->discover($openid_config, $redirect_url);
return ($config, $openid); return ($config, $openid);
}; };
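Review bot: Nothing visible in this hunk checks that the identity provider actually honoured the requested ACR values; the new block only copies `acr-values` into `$openid_config->{acr_values}` before discovery. In OpenID Connect, `acr_values` is a voluntary claim request, so a provider may complete the login at a weaker authentication context than the one configured. If admins are expected to rely on this setting to require a stronger login, the `acr` claim of the verified ID token should be compared against the configured list when the login completes. That code is outside this hunk (the `$lookup_openid_auth` closure also starts before it), so it may already be handled elsewhere; if it is not, I would at least add a comment above the `if`, such as `# NOTE: acr_values is only a request to the IdP; the returned 'acr' claim must be checked separately`.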


@ -56,6 +56,12 @@ sub properties {
default => "email profile", default => "email profile",
optional => 1, optional => 1,
}, },
'acr-values' => {
description => "Specifies the Authentication Context Class Reference values that the"
."Authorization Server is being requested to use for the Auth Request.",
type => 'string', # format => 'some-safe-id-list', # FIXME: TODO
optional => 1,
},
}; };
} }
@ -68,6 +74,7 @@ sub options {
"username-claim" => { optional => 1, fixed => 1 }, "username-claim" => { optional => 1, fixed => 1 },
prompt => { optional => 1 }, prompt => { optional => 1 },
scopes => { optional => 1 }, scopes => { optional => 1 },
"acr-values" => { optional => 1 },
default => { optional => 1 }, default => { optional => 1 },
comment => { optional => 1 }, comment => { optional => 1 },
}; };
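Review bot: The new `acr-values` property accepts an arbitrary string, as the `# FIXME: TODO` on its `type` line acknowledges, and the value appears to be passed on into the OpenID authorization request by the other file in this commit. Until a dedicated format exists, a schema-level length limit and a pattern restricting the value to a space-separated list of printable tokens would keep malformed realm configuration from reaching the request. Separately, the two description literals are joined without a space, so the text renders as "that theAuthorization Server"; the first literal should read `description => "Specifies the Authentication Context Class Reference values that the "`. The one-line addition in `options` needs no change.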