OIDC Plesk Login App

.gitignore

@@ -0,0 +1,4 @@
+__pycache__/
+*.pyc
+venv/
+settings.ini

plesklogin.py

@@ -0,0 +1,88 @@
+from authlib.integrations.flask_client import OAuth
+from flask import Flask, jsonify, redirect, url_for, request
+
+import requests
+
+from configparser import ConfigParser
+from pathlib import Path
+
+import secrets
+
+config = ConfigParser(Path(__file__).parent / "settings.ini")
+
+app = Flask(__name__)
+app.secret_key = config["FLASK"]["SecretKey"]
+
+plesk_url = config["PLESK"]["Domain"]
+plesk_login = config["PLESK"]["Username"]
+plesk_password = config["PLESK"]["Password"]
+
+# Configure Authlib with OIDC provider details
+oauth = OAuth(app)
+
+oauth.register(
+    name='oidc',
+    client_id=config["OIDC"]["ClientID"],
+    client_secret=config["OIDC"]["ClientSecret"],
+    access_token_url=config["OIDC"]["TokenURL"],
+    authorize_url=config["OIDC"]["AuthorizeURL"],
+    jwks_uri=config["OIDC"]["JWKSURL"],
+    client_kwargs={
+        'scope': config["OIDC"].get("Scope") or 'openid profile email',
+        'token_endpoint_auth_method': 'client_secret_basic',
+        'token_placement': 'header'
+        },
+)
+
+# Define a route for the home page
+@app.route('/')
+def home():
+    redirect_uri = url_for('oidc_callback', _external=True)
+    return oauth.oidc.authorize_redirect(redirect_uri)
+
+# Define a route for the OIDC provider's callback URL
+@app.route('/oidc/callback')
+def oidc_callback():
+    # Get user information from OIDC provider
+    token = oauth.oidc.authorize_access_token()
+    user_info = token["userinfo"]
+
+    # Display user's preferred_username
+    username = user_info.get('preferred_username')
+    user_ip = request.remote_addr
+
+    xml_data = f"""
+        <packet version="1.6.9.1">
+            <server>
+                <create_session>
+                    <login>{username}</login>
+                    <data>
+                        <user_ip>{user_ip}</user_ip>
+                        <source_server></source_server>
+                    </data>
+                </create_session>
+            </server>
+        </packet>
+    """
+
+    headers = {
+        "Content-Type": "text/xml",
+        "HTTP_AUTH_LOGIN": plesk_login,
+        "HTTP_AUTH_PASSWD": plesk_password,
+        "HTTP_PRETTY_PRINT": "TRUE",
+    }
+
+    response = requests.post(f"https://{plesk_url}/enterprise/control/agent.php", headers=headers, data=xml_data, verify=False)
+
+    if response.status_code == 200:
+        response_xml = response.content.decode()
+        # Extract the session ID from the response XML
+        session_id = response_xml.split("<id>")[1].split("</id>")[0]
+    else:
+        print("Error:", response.status_code, response.content.decode())
+        raise Exception()
+
+    return redirect(f"https://{plesk_url}/enterprise/rsession_init.php?PLESKSESSID={session_id}")
+
+if __name__ == '__main__':
+    app.run(debug=True)

requirements.txt

@@ -0,0 +1,3 @@
+Flask
+Authlib
+requests

settings.dist.ini

@@ -0,0 +1,14 @@
+[FLASK]
+SecretKey = ReallyJustAnyRandomStringIGuess
+
+[PLESK]
+Domain = plesk.local
+Username = your_admin_account
+Password = your_admin_password
+
+[OIDC]
+ClientID = your_app_id
+ClientSecret = your_app_secret
+TokenURL = https://kumidc.local/openid/token
+AuthorizeURL = https://kumidc.local/openid/authorize
+JWKSURL = https://kumidc.local/openid/jwks