[SOLVED] HTTP error 596 towards /api2/extjs/access/openid/auth-url

V

vilhelmprytz

Active Member
Jun 3, 2017
5
0
41
Sweden
vilhelmprytz.se
Hello!

I have configured Proxmox (running pve-manager/7.2-4/ca9d43cc) to use OpenID for authentication, but I get the following error message upon signing in.

1656925605630.png
It looks like my browser tries to make a POST request towards /api2/extjs/access/openid/auth-url, which for some reason returns status code 596 (after a rather long timeout).

In /var/log/pveproxy/access.log I find the following corresponding message:
Code: 
::ffff:<censored> - - [04/07/2022:11:06:01 +0200] "POST /api2/extjs/access/openid/auth-url HTTP/1.1" 596 -
I can't find anything corresponding to the above request in /var/log/syslog.

I have used the web GUI to configure the OpenID client. /etc/pve/domains.cfg looks something like this.

Code: 
pam: pam
    comment Linux PAM standard authentication

pve: pve
    comment Proxmox VE authentication server

openid: test
    comment test
    client-id <redacted>
    issuer-url <redacted>
    autocreate 1
    client-key <redacted>
    default 1
    username-claim username

Any idea what 596 might mean and how to debug this further? Thanks!
 
What's the auth-url you specified?
Can you connect to it, and especially to <auth-url>/.well-known/openid-configuration?
 
I'm using keycloak, the issuer URL is https://<censored, hostname of keycloak instance>/auth/realms/<name of realm>. I can reach this HTTPs endpoint with curl from the machine running Proxmox.
 
Do you require a proxy? Is a proxy set?
Curl automatically uses any environment variables matching ALL_PROXY, HTTPS_PROXY and HTTP_PROXY while PVE requires an HTTP proxy to be set in the Datacenter Options in the GUI.

As mentioned, can you open the <auth-url>/.well-known/openid-configuration ? Try wget to get the JSON file returned.
 
Thanks for the suggestion with wget. I got it sorted now. Apparently, the Proxmox node had this broken IPv6 address so I guess PVE tried to reach the KeyCloak instance over v6 while curl used v4. Thanks a lot for the quick response!
 
Great that you solved it!
And thanks for providing information about the actual cause. It will be helpful to others in the future for sure. :)
 
  • Like
Reactions: vilhelmprytz
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back