No shell access via UI with Authentik SSO (Code 400)

[IceFlom]

Hi,

I have recently set up login via Authentik (OpenID) for PVE and PBS and have given the respective user full authorizations.

If I log in normally via root@PAM, I can use the shell in both UIs (PVE/PBS) and am immediately logged in as root.
However, if I log in via Authentik, the shell in the PVE interface shows a login, but the shell in the PBS interface no longer works (Connection failed Error 400: ).

Journalctl on PBS shows that only PAM users have access. Why is a login option not also displayed here? Can this be changed?

 

[zakhounet]

Hi,

I having the same problem. Did you found a solution ?

Thanks

 

[isaacblum]

same...

 

[nicoautoxp]

Any info on this?

 

[meissel]

any updates anyone?

 

[javito1081]

Any updates on this one? :-(

 

[siliconautomaton]

I don't remember where I found this, but since you all seem to still be wondering, the issue is due to your proxy, not authentik itself.
You've gotta add some headers to the reverse proxy you've got in front of proxmox.
Re-examining my configuration, looks like I added

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
to my NPM config (but note, you have to add it inline to the location / block, you can't just tack it into extra options)