How to set up Proxmox to use Keycloak as an authentication realm.
root@proxmox:/etc/pve# cat domains.cfg
pam: pam
    comment Linux PAM standard authentication

openid: [redacted]
    client-id proxmox.[redacted]
    issuer-url http://id.[redacted]/auth/realms/[redacted]
    autocreate 1
    client-key [redacted]
    default 1
    username-claim username

pve: pve
    comment Proxmox VE authentication server
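
A review check for the openid realm above, as an added example that is not part of the original page: it parses domains.cfg (assuming the on-disk layout of a `type: id` header followed by indented `key value` lines) and lists the realm settings that deserve a second look. The hostname, the realm name `keycloak` and the secret in the sample are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed sample mirroring the realm above; all values are placeholders.
SAMPLE = """\
pam: pam
    comment Linux PAM standard authentication
openid: keycloak
    client-id proxmox.example.test
    issuer-url http://id.example.test/auth/realms/example
    autocreate 1
    client-key PLACEHOLDER-SECRET
    default 1
    username-claim username
pve: pve
    comment Proxmox VE authentication server
"""

def parse_domains(text):
    """Return {realm_id: {"type": ..., key: value}} from domains.cfg text."""
    realms, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if not raw[0].isspace():            # section header "type: id"
            rtype, _, rid = raw.partition(":")
            current = realms.setdefault(rid.strip(), {"type": rtype.strip()})
        elif current is not None:           # indented "key value" property
            key, _, value = raw.strip().partition(" ")
            current[key] = value.strip()
    return realms

def review_openid(realms):
    """Return (realm, finding) pairs for openid realms worth a second look."""
    findings = []
    for rid, cfg in realms.items():
        if cfg["type"] != "openid":
            continue
        if urlsplit(cfg.get("issuer-url", "")).scheme != "https":
            findings.append((rid, "issuer-url is not https: traffic to the IdP is not protected in transit"))
        if cfg.get("autocreate") == "1":
            findings.append((rid, "autocreate on: any account that can log in at the IdP gets a Proxmox user entry"))
        if cfg.get("username-claim", "subject") != "subject":
            findings.append((rid, "username-claim is not subject: the claim must be unique and not user-editable"))
    return findings

if __name__ == "__main__":
    for rid, msg in review_openid(parse_domains(SAMPLE)):
        print(f"[{rid}] {msg}")
```

On a Proxmox host, pass the contents of /etc/pve/domains.cfg to `parse_domains` instead of `SAMPLE`.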
What the client configuration should look like:
Client ID: proxmox.[redacted]
Name: [redacted]
Description: empty
Enabled: ON
Always Display in Console: OFF
Consent Required: ON
Display Client On Consent Screen: OFF
Client Protocol: openid-connect
Access Type: confidential
Standard Flow Enabled: ON
Implicit Flow Enabled: ON
Direct Access Grants Enabled: ON
Service Accounts Enabled: OFF
OAuth 2.0 Device Authorization Grant Enabled: OFF
Authorization Enabled: OFF
Root URL: empty
Valid Redirect URIs: https://proxmox.[redacted]:8006
Base URL: empty
Admin URL: empty
Web Origins: empty
Backchannel Logout URL: empty
Backchannel Logout Session Required: OFF
Backchannel Logout Revoke Offline Sessions: OFF
Full Scope Allowed: ON
The client credentials need to be set to Client Id and Secret.
What the client's mapper configuration should look like:
Protocol: openid-connect
ID: [redacted]
Name: username
Mapper Type: User Property
Property: username
Token Claim Name: username
Claim JSON Type: String
Add to ID token: ON
Add to access token: ON
Add to userinfo: ON