starred/pocket-id
1
0
Fork 0
mirror of https://github.com/pocket-id/pocket-id.git synced 2025-12-06 09:13:19 +03:00
Code Issues 121 Packages Projects Releases 16 Wiki Activity

🐛 Bug Report: Proxmox identification error 401 #274

New Issue
Closed
opened 2025-10-07 00:08:21 +03:00 by OVERLORD · 12 comments
OVERLORD commented 2025-10-07 00:08:21 +03:00
Owner
Copy Link

Originally created by @ursus69 on GitHub.

Reproduction steps

Following the configuration in the Docs for proxmox - PocketID OIDC, When I try to identify, it passes the sign in screen as validated then come backs to the proxmoxs authentication page where it hangs for a couple of seconds then error 401 is shown.

Image

In the proxmox logs on journalctl it shows :

node02 pvedaemon[1418402]: openid authentication failure; rhost=::ffff:192.168.x.x msg=Failed to contact token endpoint: Request failed
The IP address is the reverse proxy internal address.

Expected behavior

Validate and start the session

Actual Behavior

Error 401 shown after authentification via yubikey on proxmox login

Version and Environment

Proxmox : pve-manager/8.3.5/dac3aa88bac3f300 (running kernel: 6.8.12-8-pve)

NginxProxy Manager: v2.12.3

PocketID: 0.43.1

Log Output

24/03/2025, 18:19:40		LAN/Docker/k8s, Internal Network	192.168.x.x	Edge on Linux x86_64	Proxmox OIDC
24/03/2025, 18:15:17		LAN/Docker/k8s, Internal Network	192.168.x.x	Edge on Linux x86_64	Proxmox OIDC
Originally created by @ursus69 on GitHub. ### Reproduction steps Following the configuration in the Docs for proxmox - PocketID OIDC, When I try to identify, it passes the sign in screen as validated then come backs to the proxmoxs authentication page where it hangs for a couple of seconds then error 401 is shown. ![Image](https://github.com/user-attachments/assets/824bb84f-2fdd-493a-baa1-04bc6f22043a) In the proxmox logs on journalctl it shows : `node02 pvedaemon[1418402]: openid authentication failure; rhost=::ffff:192.168.x.x msg=Failed to contact token endpoint: Request failed` The IP address is the reverse proxy internal address. ### Expected behavior Validate and start the session ### Actual Behavior Error 401 shown after authentification via yubikey on proxmox login ### Version and Environment Proxmox : pve-manager/8.3.5/dac3aa88bac3f300 (running kernel: 6.8.12-8-pve) NginxProxy Manager: v2.12.3 PocketID: 0.43.1 ### Log Output ``` 24/03/2025, 18:19:40 LAN/Docker/k8s, Internal Network 192.168.x.x Edge on Linux x86_64 Proxmox OIDC 24/03/2025, 18:15:17 LAN/Docker/k8s, Internal Network 192.168.x.x Edge on Linux x86_64 Proxmox OIDC ```
OVERLORD added the bug label 2025-10-07 00:08:21 +03:00
OVERLORD commented 2025-10-07 00:08:23 +03:00
Author
Owner
Copy Link

@ursus69 commented on GitHub:

I should mention that my PocketID integrations Gitea, Portainer and Semaphore-Ui are working correctly!

@ursus69 commented on GitHub: I should mention that my PocketID integrations Gitea, Portainer and Semaphore-Ui are working correctly!
OVERLORD commented 2025-10-07 00:08:24 +03:00
Author
Owner
Copy Link

@ursus69 commented on GitHub:

Definitly yes, the PocketID is installed on a LXC container in the proxmox node, the node pings the PocketID CT and the NginXProxymaneger Ct and viceversa

@ursus69 commented on GitHub: Definitly yes, the PocketID is installed on a LXC container in the proxmox node, the node pings the PocketID CT and the NginXProxymaneger Ct and viceversa
OVERLORD commented 2025-10-07 00:08:24 +03:00
Author
Owner
Copy Link

@ursus69 commented on GitHub:

Image

@ursus69 commented on GitHub: ![Image](https://github.com/user-attachments/assets/76879da8-f5db-4e62-b04e-0cf28a5a2041)
OVERLORD commented 2025-10-07 00:08:24 +03:00
Author
Owner
Copy Link

@kmendell commented on GitHub:

Can proxmox reach the pocket-id server? Based on the error thats my first though that they cant reach each other.

@kmendell commented on GitHub: Can proxmox reach the pocket-id server? Based on the error thats my first though that they cant reach each other.
OVERLORD commented 2025-10-07 00:08:25 +03:00
Author
Owner
Copy Link

@kmendell commented on GitHub:

Were there any logs from the pocket id service?

What does the config in Proxmox look like? (you can blur our any sesitive details)?

I have this setup and working with my proxmox instance so i know it does indeed work.

@kmendell commented on GitHub: Were there any logs from the pocket id service? What does the config in Proxmox look like? (you can blur our any sesitive details)? I have this setup and working with my proxmox instance so i know it does indeed work.
OVERLORD commented 2025-10-07 00:08:26 +03:00
Author
Owner
Copy Link

@kmendell commented on GitHub:

Thers not a trailing / on the issuer is there? I cant tell from the screenshot.

@kmendell commented on GitHub: Thers not a trailing `/` on the issuer is there? I cant tell from the screenshot.
OVERLORD commented 2025-10-07 00:08:27 +03:00
Author
Owner
Copy Link

@ursus69 commented on GitHub:

I removed the scopes and let it emty for the defaults. same error!
Mar 24 19:19:08 node02 pvedaemon[1418402]: openid authentication failure; rhost=::ffff:192.168.x.x msg=Failed to contact token endpoint: Request failed

@ursus69 commented on GitHub: I removed the scopes and let it emty for the defaults. same error! `Mar 24 19:19:08 node02 pvedaemon[1418402]: openid authentication failure; rhost=::ffff:192.168.x.x msg=Failed to contact token endpoint: Request failed`
OVERLORD commented 2025-10-07 00:08:27 +03:00
Author
Owner
Copy Link

@kmendell commented on GitHub:

The Scopes are wrong, I would just remove your scopes and let proxmox sets its defaults of email and profile.

@kmendell commented on GitHub: The Scopes are wrong, I would just remove your scopes and let proxmox sets its defaults of email and profile.
OVERLORD commented 2025-10-07 00:08:27 +03:00
Author
Owner
Copy Link

@kmendell commented on GitHub:

That issue is older , though still should work. I would recommend reading our docs if you haven't yet https://pocket-id.org/docs/client-examples/proxmox. It may be beneficial to wipe out that realm and start from scratch.

@kmendell commented on GitHub: That issue is older , though still should work. I would recommend reading our docs if you haven't yet https://pocket-id.org/docs/client-examples/proxmox. It may be beneficial to wipe out that realm and start from scratch.
OVERLORD commented 2025-10-07 00:08:28 +03:00
Author
Owner
Copy Link

@ursus69 commented on GitHub:

Hello, no there is no trailing I actually read and follow this comment that explains teh trailing on the issuer. issue-2616224714

@ursus69 commented on GitHub: Hello, no there is no trailing I actually read and follow this comment that explains teh trailing on the issuer. [issue-2616224714](https://github.com/pocket-id/pocket-id/issues/49#issue-2616224714)
OVERLORD commented 2025-10-07 00:08:28 +03:00
Author
Owner
Copy Link

@savely-krasovsky commented on GitHub:

I use the latest Pocket ID with Proxmox, it works perfectly. Do you able to curl Pocket ID from Proxmox host and receive response from it?

@savely-krasovsky commented on GitHub: I use the latest Pocket ID with Proxmox, it works perfectly. Do you able to curl Pocket ID from Proxmox host and receive response from it?
OVERLORD commented 2025-10-07 00:08:29 +03:00
Author
Owner
Copy Link

@stonith404 commented on GitHub:

I'm converting this to a discussion as this seems more like a configuration mistake than a bug of Pocket ID.

@stonith404 commented on GitHub: I'm converting this to a discussion as this seems more like a configuration mistake than a bug of Pocket ID.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
breaking
bug
documentation
feature
needs more upvotes
open to pull requests
pull-request
Mirrored from GitHub Pull Request
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/pocket-id#274
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?