openID no authentication credentials provided.

S

scrafi

New Member
Jun 26, 2021
4
1
1
26
Hello!

I've just updated to pve 7 and pbs 2 and set openid up in both.

In pve it works just fine and as you expect, but using the same settings (though using a different provider in my authentication server "Authentik" with the same configuration), in PBS I get the following error message on the login screen:

pbs-openid-error.png

Code: 
OpenID redirect failed, please try again
authentication failed - no authentication credentials provided.

PVE Configuration:
1626630655225.png
PBS Configuration
1626630715545.png

Since it works just fine in pve, I don't think this is a configuration error.

Do you have an Idea what the error could be or if this might be a known error already?

Thanks!

- Nico

Note: pbs is not installed on the host, it is running in a VM
 
Last edited:
Hi,

Same here using keycloak as openid provider: openid works with pve 7 but not with pbs 2.0-4.

Using curl form pbs, we can reach keycloak server.

It looks like a bug.
Are there some log file we can check ?

Thanks,
Gérald
 
did you add the pbs ip as a valid return point in the keycloak server ?
did you try adding a seperate client configuration for the pbs server?

what do the keycloak logs say?
 
All the config seems OK.

There is no probant log message in keycloak.
PBS don't even redirect to keycloak login page.
just a message:

Code: 
OpenID redirect failed, please try again
authentication failed - no authentication credentials provided.

With PVE 7 and a similar configuration (with is own client ID), the login process is working.
 
Some more informations:

With PVE 7, if I use a wrong client ID or secret, I am redirected to keycloak where i got a error, which is the expected behavior.

I suppose this should be the same with PBS.
So, I guess this is not a config mistake on keycloak side.
 
Should be addressed with proxmox-backup-server version 2.0.5-1 available on pbstest repository at time of writing. There was a recent regression that made the test system clobber the API daemon builds without openid support (we had to take special care for that to avoid some undesired library linkage), now fixed and made more robust to avoid letting this happen again.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom