OpenID - (Error 500 Redirect Failed)

allthebits

New Member
Jan 30, 2025
Hello,
I have recently been trying to set up an OpenID realm in Proxmox VE. I have followed the official documentation by Authentik and tried a YouTube tutorial for it.
No matter what I am trying, I always get the same error when trying to log in using OpenID into Proxmox: "OpenID redirect failed. Request failed (500)". I have searched through every forum/Reddit post I could find about Proxmox and OpenID.

When I go to my issuer ID, it redirects to the URL + "well-known/openid-configuration" and I am able to see a lot of text data.

I am able to use Authentik with portainer successfully, but not Proxmox. I am not sure what special actions I need to take to get it configured correctly.


As suggested in some posts, I have tried with and without the trailing / for the Issuer and Redirect URL.

Any help is appreciated!


 
I use Keycloak. And there under "Redirect URIs/Origins" the URL was not enough. I had to add the URL with Proxmox's port 8006.
 
Is this the tutorial you followed? Link: https://docs.goauthentik.io/integrations/services/proxmox-ve/
 
No, I've written my own.


But the one from your link is also with the port 8006.
 
I normally do not have to include the port in the domain. When adding a port, I cannot access Proxmox. I am using NPM. Though I have also tried using the Authentik and Proxmox servers' actual IP addresses, instead of the domain/reverse proxy, to test if NPM was causing issues.
 
If you are using an identity provider like Keycloak, you must add the port, so that Keycloak knows what to access and where. "When adding a port": Where did you add the port? What are you using? How does NPM come into this? What have you configured and what are you trying to do?
 
Reactions: fireon
Watching this as I have the same problem "OpenID redirect failed. Request failed (500)". All my other apps are working with Authentik, but Proxmox refuses :-(
 
It seems most people on YouTube setting up Authentik use a reverse proxy like Traefik or nginx. Well, I didn't, and also used a private CA for HTTPS connections. I installed the root in the browser and created a cert for both Authentik and Proxmox.

Authentik was a pain because even though I used Docker and mapped the volume to the proper cert directory, you still have to go into the UI and under System -> Brands set up your domain, select the cert, and set it to default. That wasted a few hours.

Then in Proxmox, I finally realized that Proxmox itself had to have access to the root (because it connects back to Authentik without the browser), so that means putting the private CA root into the Debian trust store. So copy it (extension .crt) here /usr/local/share/ca-certificates/ and then run update-ca-certificates.

I DO need the trailing forward slash in my system for some reason. Finally, in the Authentik provider, the signing key had to use the same cert that I used for the Authentik UI. I guess all this is why people use reverse proxies and Let's Encrypt. Wasted an entire day :(
 
Reactions: somebodyoverthere
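
The two string-exactness points raised in this thread (the trailing slash on the Issuer URL and port 8006 in the redirect URI) can be checked offline with a short script; this is an added example, not code posted by any participant or taken from Proxmox or Authentik. The host names, sample discovery document and the function name `check_realm` are hypothetical, and it assumes both sides compare these values exactly, as OpenID Connect Discovery (section 4.3) and Core (section 3.1.2.1) describe.

```python
import json
from urllib.parse import urlsplit

# Constructed sample data with hypothetical hosts, not taken from the thread.
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://auth.example.test/application/o/proxmox/",
  "authorization_endpoint": "https://auth.example.test/application/o/authorize/",
  "token_endpoint": "https://auth.example.test/application/o/token/",
  "jwks_uri": "https://auth.example.test/application/o/proxmox/jwks/"
}""")
SAMPLE_REGISTERED = ["https://pve.example.test:8006"]


def effective_port(url):
    """Port the URL really targets, filling in the scheme default."""
    parts = urlsplit(url)
    return parts.port or {"https": 443, "http": 80}.get(parts.scheme)


def check_realm(issuer_url, discovery, registered_redirects, sent_redirect):
    """Return a list of findings; an empty list means the values line up."""
    findings = []
    # Discovery 4.3: "issuer" must be identical to the configured Issuer URL,
    # so a missing or extra trailing slash counts as a mismatch.
    advertised = discovery.get("issuer", "")
    if advertised != issuer_url:
        if advertised.rstrip("/") == issuer_url.rstrip("/"):
            findings.append("issuer differs only by trailing slash")
        else:
            findings.append("issuer mismatch")
    # Endpoints the relying party contacts server-side should all be HTTPS.
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(discovery.get(key, "")).scheme != "https":
            findings.append(f"{key} missing or not https")
    # Core 3.1.2.1: redirect_uri is matched by simple string comparison.
    if sent_redirect not in registered_redirects:
        host = urlsplit(sent_redirect).hostname
        same_host = [r for r in registered_redirects
                     if urlsplit(r).hostname == host]
        port = effective_port(sent_redirect)
        if any(effective_port(r) != port for r in same_host):
            findings.append("redirect_uri port not registered")
        elif any(r.rstrip("/") == sent_redirect.rstrip("/") for r in same_host):
            findings.append("redirect_uri differs only by trailing slash")
        else:
            findings.append("redirect_uri not registered")
    return findings
```

Feed it the JSON saved from the issuer's well-known/openid-configuration URL, the Issuer URL typed into the realm, and the redirect URIs registered at the provider.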