Snaky
605
Here is a quick guide for enabling Azure AD Open ID Connect (OIDC) authentication method for login Proxmox:
- First, you need to create an Azure AD application. Login to the Azure portal and navigate to the “Azure Active Directory” service. Click on “App Registrations” and then click “+ New registration” to create a new Azure AD application.
- Enter a name for the application and select “Accounts in this organizational directory only” as the supported account type. Also, set the “Redirect URI” to “https://your-proxmox-server-fqdn:8006/auth/realms/proxmox/protocol/openid-connect/callback”. Save the application once the settings are configured.
- After that, note down the “Application (client) ID” and “Tenant ID” from the application overview page. You will need these IDs for configuring Proxmox.
- Configure Proxmox to use OIDC Authentication method. SSH into your Proxmox server and edit the “pveproxy.conf” file in the “/etc/pve/nodes/proxmox-server-name” directory. Add the following lines for Open ID Connect authentication:
SSLCertificateFile /etc/pve/local/pveproxy-ssl.pem
SSLCertificateKeyFile /etc/pve/local/pveproxy-ssl.key
OIDCProviderMetadataURL https://login.microsoftonline.com/TENANT_ID/v2.0/.well-known/openid-configuration
OIDCClientID APPLICATION_CLIENT_ID
OIDCClientSecret YOUR_APPLICATION_SECRET
OIDCRedirectURI https://your-proxmox-server-fqdn:8006/auth/realms/proxmox/protocol/openid-connect/callback
OIDCCryptoPassphrase YOUR_CHOSEN_CRYPTO_PASSPHRASEMake sure to replace TENANTID, APPLICATIONCLIENTID, and APPLICATIONSECRET with the values obtained from the Azure AD application.
- Save the “pveproxy.conf” file and restart the Proxmox service using the command “systemctl restart pveproxy.service”.
- Once the service is restarted, you should be able to access the Proxmox login screen via your web browser. Click on the “OIDC Login” button and sign in with your Azure AD account to access the Proxmox dashboard.
Refer – https://www.reddit.com/r/Proxmox/comments/pqxu2o/proxmox_oidc_authentication_azure_ad/
