PBS V4 Authentic OIDC

[cannfoddr]

Hi, I've just updated PBS to V4 all went smoothly and I can see the server from my clients and access the UI etc...

I signed in initially with PAM as superuser when performing and testing the upgrade.

I logged out and reloaded in using Authentic Realm which was already configured and working on V3. Sign in seems to work and I get to a screen with the dashboard and an enterprise license warning. I click OK on that and am dropped straight back to the login screen.

I am getting errors on login:

Aug 07 10:32:58 pbs proxmox-backup-api[751]: authentication failure; rhost=[::ffff:a.b.c.d]:59872 user=adrian@authentik msg=password authentication is not implemented for OpenID realms

This was working fine before the upgrade

 

[marissachan]

I can confirm this issue. I have just upgraded to PBS 4 (after a successful upgrade to Proxmox 9). I have PBS installed on the same machine as Proxmox itself. And I also rely on Authentik for single-sign-on.

Before the upgrade everything worked. But since the upgrade to PBS 4 I get logged out of PBS within seconds. I login into PBS through SSO, I can see the whole webui for 1-2 seconds, but then the page reloads and I am no longer logged into PBS.

This does not occur if I log into PBS with root@pam. The API credentials that I use for my own proxmox server and also for my friends Proxmox server also work without issue. It seems to only be an issue with the openid realm.

In the javascript console in my browser I can see the following:
XML Parsing Error: not well-formedLocation: https://pbs.domain.tld/api2/extjs/access/ticketLine Number 1, Column 1:
POST https://pbs.domain.tld/api2/json/access/ticket 401 (Unauthorized)

The response of the payload is the following:
permission check failed.

In the logs from PBS I can see the following:
Aug 07 12:45:35 <SERVERNAME> proxmox-backup-api[25162]: authentication failure; rhost=[<IPADDRESS>]:<PORT> user=<USERNAME>@<REALMNAME> msg=password authentication is not implemented for OpenID realms
Aug 07 12:45:38 <SERVERNAME proxmox-backup-api[25162]: POST /api2/json/access/ticket: 401 Unauthorized: [client [<IPADDRESS>]:<PORT>] permission check failed.

This issue occurs with both Firefox and Google Chrome. I also have tested the stable PBS version (4.0.11-2) and the PBS-Test version (4.0.11-4).

 

[fabian]

https://lore.proxmox.com/pbs-devel/20250807104909.198914-2-s.sterz@proxmox.com/T/#t should fix this

 

[showiproute]

Duplicate of https://forum.proxmox.com/threads/pbs-4-0-openid-not-working.169333/

 

[fabian]

this issue should be fixed with PBS 4.0.12-1, available on pbs-test! feedback about your openid setup would be highly appreciated!

 

[showiproute]

this issue should be fixed with PBS 4.0.12-1, available on pbs-test! feedback about your openid setup would be highly appreciated!

Can confirm that this fixed the problem on my site!

 

[cannfoddr]

All sorted now.

I am using Authentik. Followed the instructions for Proxmox and setup a separate Proxmox backup server app. Its just a homely setup nothing fancy