Proxmox auth behind Authentik using OpenID

ThierryIT69 · Mar 28, 2024

Hello,
My proxmox server is accessible from outside, the FQDN is ok.
I have followed the procedure on Authentik website to configure proxmox using OpenID.
Authentik/traefik and Proxmox are in the same network.
I have as error message:

Code:

proxmox OpenID redirect failed. Request failed (500)

When trying to log:

PHP:

 - - [28/03/2024:10:22:07 +0200] "POST /api2/extjs/access/openid/auth-url HTTP/1.1" 200 67
::ffff:192.168.200.50 - - [28/03/2024:10:22:07 +0200] "GET /pve2/ext6/theme-crisp/resources/images/tools/tool-sprites.png HTTP/1.1" 200 24404

The config of the realm "authentik" seems to be ok:

Code:

https://authentik.domain.tld/application/pve
authentik
FYhxxxxxxxxxxxxxxxxxxxxxxxxxQiq
FwxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxGfGNkrLzji
username
Default (email profile)
Auth-Provider Default
Acces through Authentik

The only thing who can be wrong might be the issuer URL

Any ideas ?
Thx

fireon · Mar 28, 2024

Perhaps my documentation with Keycloak will help you a little with your problem, or give you an idea.

https://deepdoc.at/dokuwiki/doku.ph...kvm_und_lxc:openid_keycloak_anbindung_proxmox

keezppc · Apr 20, 2024

You might be missing an /o in your issuer URL

try https://authentik.domain.tld/application/o/pve

jfoley22 · Apr 24, 2024

ThierryIT69 said:
Hello,
My proxmox server is accessible from outside, the FQDN is ok.
I have followed the procedure on Authentik website to configure proxmox using OpenID.
Authentik/traefik and Proxmox are in the same network.
I have as error message:

Code:

proxmox OpenID redirect failed. Request failed (500)

When trying to log:

PHP:

- - [28/03/2024:10:22:07 +0200] "POST /api2/extjs/access/openid/auth-url HTTP/1.1" 200 67 ::ffff:192.168.200.50 - - [28/03/2024:10:22:07 +0200] "GET /pve2/ext6/theme-crisp/resources/images/tools/tool-sprites.png HTTP/1.1" 200 24404

The config of the realm "authentik" seems to be ok:

Code:

https://authentik.domain.tld/application/pve authentik FYhxxxxxxxxxxxxxxxxxxxxxxxxxQiq FwxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxGfGNkrLzji username Default (email profile) Auth-Provider Default Acces through Authentik

The only thing who can be wrong might be the issuer URL

Any ideas ?
Thx

Did you resolve this? I am seeing the same issue, nearly the same setup.

ThierryIT69 · Apr 27, 2024

yep ... missing this f*** /o/

jhmc93 · Jul 8, 2024

Im having the same error but my url includes the 'o'
`as stated below:

wygglz · Jul 21, 2024

Facing the same issue as you @jhmc93 did you end up finding a solution ?

Edit: Was a DNS problem on my end

EricMarten · Oct 26, 2024

The config below worked for my realm. I am not 100%, but pretty sure, that I had it created like that before and got into issues.
Maybe the "Realm" needs to be the hostname of Authentik?! (That's the only thing I can remember, that I had different in my failed attempt)

I selected these flows:

Also make sure to select your https certificate as Signing Key in the Provider Settings in Authentik.

Proxmox, create realm: (the "comment" will be shown instead the "Realm"-Name in Login-Prompt, if you write something in there)

jhmc93 · Oct 27, 2024

jhmc93 said:
Im having the same error but my url includes the 'o'
`as stated below:

View attachment 71007

Edit: I solved it, my traefik instance has staging certs, when i changed to production it worked perfect

Search

Search

Proxmox auth behind Authentik using OpenID

ThierryIT69

New Member

fireon

Distinguished Member

keezppc

New Member

jfoley22

New Member

ThierryIT69

New Member

jhmc93

Member

Attachments

wygglz

New Member

EricMarten

Active Member

jhmc93

Member