Proxmox OIDC with Authelia error "OpenID redirect failed request failed 500"

creperus

May 6, 2025
Hello,

I'm trying to use Authelia as a realm for the authentication on my Proxmox. I use it for every service I have, with Traefik as proxy.

I added OIDC handling in the Authelia conf file; it's running without errors.

I then added a realm to my Proxmox, with these settings:

[Attached screenshot: 1746568151837.png]

When I try to log in I have the error "OpenID redirect failed request failed 500"

Does someone know what's wrong here?

Thanks a lot :)

Here's my Authelia conf:

YAML:
identity_providers:
  oidc:
    hmac_secret: '.************'
    jwks:
      - key_id: 'example'
        algorithm: 'RS256'
        use: 'sig'
        key: |
          -----BEGIN PRIVATE KEY-----
          MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDkk1GapsKGAcFT
          ......
          uVES6mj5GBKtmWAJVEsNNw==
          -----END PRIVATE KEY-----
#        key: {{ secret "/config/secrets/oidc/jwks/private.pem" | mindent 10 "|" | msquote }}
    authorization_policies:
      policy_name:
        default_policy: one_factor
        rules:
          - subject: ["group:admin"]
            policy: one_factor
    claims_policies:
      policy_name:
        id_token_audience_mode: 'specification'
        custom_claims:
          groups:
            attribute: groups
    clients:
      - client_id: 'proxmox'
        client_name: 'Proxmox'
        client_secret: '$pbkdf2-sha512$.************'
        public: false
        authorization_policy: 'one_factor'
        require_pkce: true
        pkce_challenge_method: 'S256'
        redirect_uris:
          - 'https://proxmox.************.com'
        scopes:
          - 'openid'
          - 'profile'
          - 'email'
        userinfo_signed_response_alg: 'none'
        token_endpoint_auth_method: 'client_secret_basic'
 
I am also having the same issue. Have you figured it out?
Hey, since then I switched to Authentik and I got the same error, but now it works:
Proxmox does not trust self-signed certificates, and Authentik (maybe Authelia too) signs the OIDC flows with its self-signed certificate.
So I added the certificate to the trusted ones on my Proxmox, and it worked right away.
Hope this can help.
 
In fact, after more troubleshooting I found out that Cloudflare is blocking all OIDC requests through their "anti AI bot" managed rules, which you can't turn off without their subscription. Though you can set up a custom rule (and free users can only have 5 of those) to bypass that "protection".

After fixing that, I was getting a different error (basically username not found), and now I'm thinking about what to do with me having different usernames on half of my services.
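
Added example, not part of any post in this thread: a small check that repeats the OIDC discovery request with certificate verification on and tells apart the two causes reported above (an issuer certificate that is not trusted, and a proxy/WAF rejecting the request). The function names, result codes and the script name `oidc_check.py` are assumptions made for this example, and it is meant to be run from the machine that performs the login (here, the Proxmox host).

```python
import json
import ssl
import urllib.error
import urllib.request

def fetch_discovery(issuer, cafile=None, timeout=10):
    """GET <issuer>/.well-known/openid-configuration with certificate checks on."""
    # cafile=None uses the system trust store of the machine running this;
    # passing a PEM bundle trusts only the CAs in that file.
    ctx = ssl.create_default_context(cafile=cafile)
    url = issuer.rstrip("/") + "/.well-known/openid-configuration"
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        return json.load(resp)

def diagnose(issuer, cafile=None, fetch=fetch_discovery):
    """Return (code, detail) for the discovery request a relying party makes."""
    try:
        doc = fetch(issuer, cafile)
    except urllib.error.HTTPError as e:  # must precede URLError (its parent class)
        # TLS worked, but a proxy/WAF or the IdP answered with an error status.
        return ("http-rejected", f"HTTP {e.code} from {issuer}")
    except urllib.error.URLError as e:
        if isinstance(e.reason, ssl.SSLCertVerificationError):
            # Issuer certificate does not chain to a trusted CA (e.g. self-signed).
            return ("untrusted-cert", str(e.reason))
        return ("unreachable", str(e.reason))
    except (json.JSONDecodeError, UnicodeDecodeError) as e:
        # 200 OK but not JSON, e.g. an HTML challenge or login page.
        return ("not-discovery", str(e))
    if not isinstance(doc, dict) or "authorization_endpoint" not in doc:
        return ("not-discovery", "JSON without authorization_endpoint")
    return ("ok", doc.get("issuer", ""))

if __name__ == "__main__":
    import sys
    if len(sys.argv) < 2:
        sys.exit("usage: oidc_check.py ISSUER_URL [CA_BUNDLE.pem]")
    print(*diagnose(sys.argv[1], *sys.argv[2:3]), sep=": ")
```

If the result is `untrusted-cert` with the system store but `ok` when the IdP's CA certificate is passed as the second argument, that certificate is what needs adding to the host's trusted certificates.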
 