Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save jakoberpf/d6f519459f7dad3b30f509facdc22445 to your computer and use it in GitHub Desktop.
Save jakoberpf/d6f519459f7dad3b30f509facdc22445 to your computer and use it in GitHub Desktop.

[guide] keycloak authentication for proxmox

How to setup Proxmox to use Keycloak as authentication realm.

Proxmox Setup

root@proxmox:/etc/pve# cat domains.cfg
pam: pam
        comment Linux PAM standard authentication

openid: [redacted]
        client-id proxmox.[redacted]
        issuer-url http://id.[redacted]/auth/realms/[redacted]
        autocreate 1
        client-key [redacted]
        default 1
        username-claim username

pve: pve
        comment Proxmox VE authentication server

Keycloak Setup

What the client configuration should look like:

Client ID: proxmox.[redacted]
Name: [redacted]
Description: empty
Enabled: ON
Always Display in Console: OFF
Consent Required: ON
Display Client On Consent Screen: OFF
Client Protocol: openid-connect
Access Type: confidential
Standard Flow Enabled: ON
Implicit Flow Enabled: ON
Direct Access Grants Enabled: ON
Service Accounts Enabled: OFF
OAuth 2.0 Device Authorization Grant Enabled: OFF
Authorization Enabled: OFF
Root URL: empty
Valid Redirect URIs: https://proxmox.[redacted]:8006
Base URL: empty
Admin URL: empty
Web Origins: empty
Backchannel Logout URL: empty
Backchannel Logout Session Required: OFF
Backchannel Logout Revoke Offline Sessions: OFF
Full Scope Allowed: ON

The client credential matches need to be set to Client Id and Secret.

What the client`s mapper configuration should look like:

Protocol: openid-connect
ID: [redacted]
Name: username
Mapper Type: User Property
Property: username
Token Claim Name: username
Claim JSON Type: String
Add to ID token: ON
Add to access token: ON
Add to userinfo: ON

Sources

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment