Proxy OpenID to internet?

[cfgmgr]

I have been running Proxmox with OpenID configured to Okta successfully for a couple of months now. This cluster has direct access to the internet.

We have a second production cluster that doesn't have direct access to the internet.

It does have a proxy configured but that only seem to be for apt. Is there a configuration somewhere to get Realms to respect the proxy setting and route that traffic accordingly? Or does it just need a path out to the internet?

Thanks!

 

[LnxBil]

Without knowning the exact error message or your network setup, we can only guess.

The authentication needs the client as well as the server you want to connect to, to be able to connect to the authentication server. So if Okta is in the internet, you will need access to this too from your PVE.

How did you setup a proxy for apt and how did you setup the proxy for your pve?

 

[cfgmgr]

Without knowning the exact error message or your network setup, we can only guess.

The authentication needs the client as well as the server you want to connect to, to be able to connect to the authentication server. So if Okta is in the internet, you will need access to this too from your PVE.

How did you setup a proxy for apt and how did you setup the proxy for your pve?

"HTTP Proxy" which is under the "Options" tab for the datacenter. That's the only proxy thing that appears to be configurable as far as I can tell. When you configure OpenID it doesn't appear to use that, but it seems to work for apt just fine.

It fails on the re-direct since these systems do not have direct access to the internet. Apt works nicely due to the proxy config mentioned above.

OpenID redirect failed.
Validation error: unexpected issuer URI

 

[cfgmgr]

I ended up solving this a bit later.
After looking carefully at my issuer URI, I had a single / where I should have (at the end). Removing that fixed it and everything is now behaving as expected.

Thanks!