🚀 Feature: How to Set up Proxmox VE OIDC #460

Closed
opened 2025-10-07 00:15:52 +03:00 by OVERLORD · 1 comment
Owner

Originally created by @Node815 on GitHub.

Feature description

This will allow you to log into Proxmox VE with your fingerprint for easy administration while on the road!

Pitch

Create your OIDC Client as usual in Pocket-ID and keep that window/tab open so you can copy/paste the keys to Proxmox.

  • In Proxmox, as your admin or root user, click on Datacenter.
  • On the tree menu to the right, go to the Permissions setting and expand it.
  • Next, click on Realms, then Add, then OpenID Connect Server.

The following dialog will appear:
image

This is how I have mine set and it works:

The Realm Name is what you will see when you log in, and it also shows in the username, such as email@realm.

image

My Realm in this case is titled SSO. :)

For the ISSUER URL, this is VERY IMPORTANT!!! (I spent a good hour or two troubleshooting this).

Use your domain or sub.domain.com that you use for your Pocket-ID system. For example, sso.example.com would be https://sso.example.com. AVOID using a trailing slash; it will tell you it's wrong and give a 500 error.

Any other trailing information will give you an instant 500 OIDC Redirect error which is of no use and it will never direct you to the server.

Once you save your settings, open up a private browser tab or incognito window to test the login, go to your Proxmox server and log in using your shiny new login. It should take you to your login page for Pocket-ID, and after you authenticate, Proxmox will assign a new account with your email@realm with basic permissions. From there, in your other window with your root/admin Proxmox still logged in, manage the desired permissions for your shiny new user.

OVERLORD added the feature label 2025-10-07 00:15:52 +03:00
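
A pre-flight check for the Issuer URL advice in the post above, as an added example that is not part of the original issue or of the Pocket ID or Proxmox code. It encodes the post's rule (bare `https://host`, no trailing slash or extra path) and the OpenID Connect Discovery requirement that the `issuer` in the provider's metadata equals the configured issuer exactly; the function names and the sample discovery document are constructed for illustration.

```python
import json
from urllib.parse import urlsplit


def check_issuer(issuer: str) -> list[str]:
    """Problems with an Issuer URL as it would be typed into the realm dialog."""
    problems = []
    parts = urlsplit(issuer)
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if not parts.netloc:
        problems.append("no host")
    if issuer.endswith("/"):
        problems.append("trailing slash")
    elif parts.path:
        problems.append("extra path after host")
    if parts.query or parts.fragment:
        problems.append("query or fragment present")
    return problems


def discovery_url(issuer: str) -> str:
    """Discovery location per OpenID Connect Discovery: issuer + well-known path."""
    return issuer + "/.well-known/openid-configuration"


def check_discovery(issuer: str, document: str) -> list[str]:
    """Check a fetched discovery document (passed in as text) against the issuer."""
    problems = check_issuer(issuer)
    try:
        meta = json.loads(document)
    except json.JSONDecodeError:
        return problems + ["discovery document is not JSON"]
    if not isinstance(meta, dict):
        return problems + ["discovery document is not a JSON object"]
    advertised = meta.get("issuer")
    if advertised != issuer:  # exact string comparison, so a stray "/" fails
        problems.append(f"issuer mismatch: provider advertises {advertised!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if key not in meta:
            problems.append(f"missing {key}")
    return problems


# Constructed sample metadata; the endpoint paths are placeholders, not Pocket ID's.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://sso.example.com",
    "authorization_endpoint": "https://sso.example.com/placeholder/authorize",
    "token_endpoint": "https://sso.example.com/placeholder/token",
    "jwks_uri": "https://sso.example.com/placeholder/jwks",
})
```

To use it against a live provider, fetch `discovery_url(issuer)` from an admin workstation and pass the response body to `check_discovery` before saving the realm.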
Author
Owner

@stonith404 commented on GitHub:

Thanks for sharing.


Reference: starred/pocket-id#460