OpenID Connect client-key regex

kelhamtech

Hello,

I am trying to connect PMG to Microsoft Entra via OpenID Connect in the same manner as I connect my PVE cluster; however, certain characters are not accepted in PMG.

The client key/secret generated by Azure contains ~ and this isn't compatible with PMG, generating the error:

file /etc/pmg/realms.conf line 5 (section 'AzureAD') - unable to parse value of 'client-key': value does not match the regex pattern.

I don't believe I can change the secrets Microsoft generates, and I would have hoped the OIDC code was the same between PVE and PMG so I could duplicate a known working config from PVE.

Are there any workarounds or hotfixes I can apply to resolve this?

Regards,
Matt.
 
Hello Matt,

I have the same problem with Authentik. When I want to auto create the user, I get this message:
OpenID Connect login failed, please try again
authentication failure autocreate openid connect user failed: verify entry failed username: value does not match the regex pattern (401).


Have you already found a solution?

Greetings
 
Maybe this will help: I used the username with Authentik, and it works now.
 
Hello,

I have created an OpenID Connect realm on the mail gateway. I have connected EntraAD, as we have already done for Proxmox VE and Proxmox BS.
Unfortunately, this does not work with Proxmox MG.

When logging in, I naturally receive this error message, as the user does not yet exist on the system.
OpenID Connect login failed, please try again

authentication failure no such user (‘bjoern.strausmann@domain.de@EntraIDSSO’) (401)

If I select the option “Autocreate Users” with the Source for Role Assignment: Default (All auto-created users get audit role), I then get the following error message when logging in:

OpenID Connect login failed, please try again
authentication failure autocreate openid connect user failed: verify entry failed username: value does not match the regex pattern (401)

I see the following message in the system log:

openid connect authentication failure; rhost=::ffff:192.168.100.74 msg=autocreate openid connect user failed: verify entry failed username: value does not match the regex pattern

The PMG-API version is already up to date:

root@MG:/etc/pmg# apt show pmg-api
Package: pmg-api
Version: 8.2.2

Where else could the error be?