Search results

Yes, the last is the one I just finished rereading as well as https://openid.net/specs/openid-connect-core-1_0.html (section 15.7) Which still makes little sense to me from a security standpoint. But they wrote the standard so.... Still doesn't fix the fact that if we disable an account on...

I would have to reread the OIDC standards but I do believe it is quit similar to SAML in this regard. Will reread it and get back to you on this point.

I was speaking of the keycloak/OIDC provider as the authentication backend in this instance. As for requiring relog each time login is pressed makes absolutely no sense whatsoever, as it negates the entire concept of SSO.

Wow. Need time to wrap my head around this one. Logging in per SSO is only half the job. Didn't think I would see half measures in PVE. If someone logs out in the backend then EVERYTHING they are logged in with must be logged out. otherwise the system is only half secure. Strange.

hey all, we have a working PVE 8 install with a keycloak authentication backend that works just fine except for logging out. even if we logout on the backend pve stays logged in. does anyone know how to fix this? not a very secure way to handle access when logging out doesn't work. thanks, chuck

Seeing as how I am having the EXACT same issue I was wondering if this was solved.

Actually I just renamed a node on Prox 3 and it was quite simple and no need to reinstall prox at all. you do have to delete the node on the clusters main node "pvecm delnode OLDNODE" and then change the nodename in /etc/cluster/cluster.conf from the OLDNODE to NEWNODE and restart the node. I...