[SOLVED] HTTP error 596 towards /api2/extjs/access/openid/auth-url

V

vilhelmprytz

Active Member
Jun 3, 2017
5
0
41
Sweden
vilhelmprytz.se
Hello!

I have configured Proxmox (running pve-manager/7.2-4/ca9d43cc) to use OpenID for authentication, but I get the following error message upon signing in.

1656925605630.png
It looks like my browser tries to make a POST request towards /api2/extjs/access/openid/auth-url, which for some reason returns status code 596 (after a rather long timeout).

In /var/log/pveproxy/access.log I find the following corresponding message:
Code: 
::ffff:<censored> - - [04/07/2022:11:06:01 +0200] "POST /api2/extjs/access/openid/auth-url HTTP/1.1" 596 -
I can't find anything corresponding to the above request in /var/log/syslog.

I have used the web GUI to configure the OpenID client. /etc/pve/domains.cfg looks something like this.

Code: 
pam: pam
    comment Linux PAM standard authentication

pve: pve
    comment Proxmox VE authentication server

openid: test
    comment test
    client-id <redacted>
    issuer-url <redacted>
    autocreate 1
    client-key <redacted>
    default 1
    username-claim username

Any idea what 596 might mean and how to debug this further? Thanks!
 
What's the auth-url you specified?
Can you connect to it, and especially to <auth-url>/.well-known/openid-configuration?
 
I'm using keycloak, the issuer URL is https://<censored, hostname of keycloak instance>/auth/realms/<name of realm>. I can reach this HTTPs endpoint with curl from the machine running Proxmox.
 
Do you require a proxy? Is a proxy set?
Curl automatically uses any environment variables matching ALL_PROXY, HTTPS_PROXY and HTTP_PROXY while PVE requires an HTTP proxy to be set in the Datacenter Options in the GUI.

As mentioned, can you open the <auth-url>/.well-known/openid-configuration ? Try wget to get the JSON file returned.
 
Thanks for the suggestion with wget. I got it sorted now. Apparently, the Proxmox node had this broken IPv6 address so I guess PVE tried to reach the KeyCloak instance over v6 while curl used v4. Thanks a lot for the quick response!
 
Great that you solved it!
And thanks for providing information about the actual cause. It will be helpful to others in the future for sure. :)
 
  • Like
Reactions: vilhelmprytz
You must log in or register to reply here.
Top Bottom