OpenID 401 with Azure AD

Still seeing "Failed to contact token endpoint: Request failed" with 401 being returned by the Proxmox front end, with latest Proxmox install. I can see comms between proxmox and the endpoint occurring, but of course cannot see the response.

issuer URL:
https://login.microsoftonline.com/##/v2.0
realm: myazuredomain.com
client ID: "application ID" from Azure app
client key: "client secret" description set in Azure
username claim: username
autocreate users: Yes

Anyone have any suggestions please?
 
Issue continues to exist. I guess no one here has any idea what's going on!
 
What does your log say when you try to log in and receive an error?

I assume you have the last version of Proxmox libraries and rebooted afterwards, right?


Syslog says:
Code:
pvedaemon[1666035]: openid authentication failure; rhost=::ffff:<ipv4 of client> msg=Failed to contact token endpoint: Request failed

This is actually a fresh deployment, so everything is bang up-to-date.
 
Revisiting this with a fresh head and starting from scratch has resulted in it now working. Clearly something was amiss but since it was re-implemented from scratch unfortunately I can't say what. Thanks for the help in any case.
 
Glad you got it working!

A colleague had a wrong client key on Friday which resulted in the same error.
And I copied the client key ID instead of the actual client key in the past when setting up Azure.
 
I have also just seen this issue when configuring Authentik OIDC with PVE. My issue turned out to be special characters in the client secret. Once I switched to a client secret with only alphanumeric characters, the login worked successfully.

I am not sure which character was the culprit and am out of time to further troubleshoot, but it was one of: ^ $ % or @.
 
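One possible explanation for the special-character failure in the post above, shown as an added example (not from any poster, Proxmox or Authentik): RFC 6749 section 2.3.1 has the client form-urlencode the client ID and secret before building the HTTP Basic header, so a provider that compares the value without decoding it sees a different secret and answers 401. It assumes the client authenticates with client_secret_basic, which the thread does not confirm; the client ID and secret below are constructed.

```python
import base64
from urllib.parse import quote_plus, unquote_plus


def basic_header(client_id: str, client_secret: str, form_encode: bool) -> str:
    """Authorization header for client_secret_basic.

    form_encode=True follows RFC 6749 section 2.3.1 (ID and secret are
    form-urlencoded before being joined with ':' and base64-encoded).
    form_encode=False joins the raw values, as plain HTTP Basic does.
    """
    if form_encode:
        client_id = quote_plus(client_id, safe="")
        client_secret = quote_plus(client_secret, safe="")
    token = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return f"Basic {token}"


def secret_seen_by_provider(header: str, provider_form_decodes: bool) -> str:
    """Recover the secret from the header the way a provider would."""
    raw = base64.b64decode(header.split(" ", 1)[1]).decode()
    secret = raw.split(":", 1)[1]
    return unquote_plus(secret) if provider_form_decodes else secret


def risky_characters(secret: str) -> list[str]:
    """Characters that form-encoding rewrites, so both sides must agree."""
    return sorted({c for c in secret if quote_plus(c, safe="") != c})


def mismatch(client_id: str, secret: str,
             client_encodes: bool, provider_decodes: bool) -> bool:
    """True when the provider ends up comparing a different secret."""
    header = basic_header(client_id, secret, client_encodes)
    return secret_seen_by_provider(header, provider_decodes) != secret


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    cid = "00000000-0000-0000-0000-000000000000"
    for secret in ("Ab^9$x%Q@7", "Abc123xyz"):
        print(repr(secret), "rewritten chars:", risky_characters(secret))
        for enc in (True, False):
            for dec in (True, False):
                state = "MISMATCH" if mismatch(cid, secret, enc, dec) else "ok"
                print(f"  client encodes={enc} provider decodes={dec}: {state}")
```

All four characters named in the post are rewritten by form-encoding, which is consistent with an alphanumeric-only secret avoiding the problem regardless of which side deviates.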
