When things work, there are no problems.
When things does not work at all, there are no big problems (at least, most of the time...)
It is when things work half way that the worst problems happen!
Here, I have a cluster made of 2 nodes (latest version) and a remote QDevice. Nodes are PMX-A and PMX-B.
I also have a Keycloak infrastructure to authenticate to over OpenID.
In PMX-A, at the Data Center level, I defined the realm pointing to my Keycloak server. I also created a new group and provisioned my account (name@realm).
When I reach PMX-A's logging screen, I can select my Keycloak realm. When I click on the Login button, I am redirected to my Keycloak where I can authenticate. Once done, I get access to PMX-A and can work properly.
Problem is with PMX-B. When I select the Keycloak Realm in its login page and I click the Login button, it does not redirect me and complains about error 500:
OpenID redirect failed. Request Failed (500)
In Keycloak, I registered both return URLs as valid (pmx-a and pmx-b). There is only 1 Root field and that one points to PMX-A. Still, I doubt the problem is on the Keycloak side because should it be, I should be redirected to it and receive an error message from it. Instead, I never leave Proxmox's page and the error is from Proxmox itself.
Any idea what can be wrong here ?
When things does not work at all, there are no big problems (at least, most of the time...)
It is when things work half way that the worst problems happen!
Here, I have a cluster made of 2 nodes (latest version) and a remote QDevice. Nodes are PMX-A and PMX-B.
I also have a Keycloak infrastructure to authenticate to over OpenID.
In PMX-A, at the Data Center level, I defined the realm pointing to my Keycloak server. I also created a new group and provisioned my account (name@realm).
When I reach PMX-A's logging screen, I can select my Keycloak realm. When I click on the Login button, I am redirected to my Keycloak where I can authenticate. Once done, I get access to PMX-A and can work properly.
Problem is with PMX-B. When I select the Keycloak Realm in its login page and I click the Login button, it does not redirect me and complains about error 500:
OpenID redirect failed. Request Failed (500)
In Keycloak, I registered both return URLs as valid (pmx-a and pmx-b). There is only 1 Root field and that one points to PMX-A. Still, I doubt the problem is on the Keycloak side because should it be, I should be redirected to it and receive an error message from it. Instead, I never leave Proxmox's page and the error is from Proxmox itself.
Any idea what can be wrong here ?