Zero Trust Access (OIDC) + Proxmox VE

I'm trying to set up Proxmox VE via OIDC to use Cloudflare ZT as an authentication realm. I've got everything created, but unfortunately when I go to sign into Proxmox I get an "OpenID redirect failed. Failed to parse server response" error from Proxmox. This seems to be an error coming from the JSON decoder of a request generated by the openidconnect Rust package, which Proxmox uses internally. Unfortunately, it is quite complex to set up a debug environment for the Proxmox side, so I'm wondering if anyone has any ideas or perhaps has a way to find out what's happening on the Cloudflare side? Thanks
2 Replies
Erisa (2mo ago)
I've experienced the same and debugged it enough to learn that https://erisa.cloudflareaccess.com/.well-known/openid-configuration is missing some fields which the JSON decoder sees as required. I'll raise this to the team when I can and see what they can do.
tt2468 (7d ago)
Awesome, thanks!

Thought I'd check in on this. Any updates by chance? Maybe I could cheat it by creating a worker to proxy the API and inject the necessary fields, but I don't know what openidconnect-rs is needing since the error is unfortunately not helpful.

Bumping this issue. Is this something that is on the radar? It's currently the one thing keeping us from moving everything to ZTA.
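
A check for the missing-field condition described in this thread, as an added example that is not part of the original posts: it reports which provider metadata fields marked REQUIRED by OpenID Connect Discovery 1.0 are absent or mistyped in a discovery document, and whether the issuer matches the URL it was fetched from. Which of these fields openidconnect-rs actually enforces is not stated in the thread; the function name, sample document and hostname are constructed for illustration.

```python
import json

# REQUIRED provider metadata per OpenID Connect Discovery 1.0, section 3.
# token_endpoint is required unless the provider only supports the implicit flow.
REQUIRED_STRINGS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")
REQUIRED_LISTS = (
    "response_types_supported",
    "subject_types_supported",
    "id_token_signing_alg_values_supported",
)
WELL_KNOWN = "/.well-known/openid-configuration"


def check_discovery(doc, fetched_from):
    """Return a list of problems found in a parsed discovery document."""
    problems = []
    for key in REQUIRED_STRINGS:
        if not isinstance(doc.get(key), str) or not doc[key]:
            problems.append(f"missing or non-string: {key}")
    for key in REQUIRED_LISTS:
        value = doc.get(key)
        if not (isinstance(value, list) and value
                and all(isinstance(v, str) for v in value)):
            problems.append(f"missing or not a list of strings: {key}")
    # The issuer must equal the fetch URL minus the well-known suffix;
    # strict relying parties reject a mismatch.
    issuer = doc.get("issuer")
    if isinstance(issuer, str) and issuer:
        expected = fetched_from
        if fetched_from.endswith(WELL_KNOWN):
            expected = fetched_from[: -len(WELL_KNOWN)]
        if issuer != expected:
            problems.append(f"issuer {issuer!r} does not match {expected!r}")
    return problems


# Constructed sample (not a real provider response): two required lists are absent.
SAMPLE_URL = "https://idp.example.test/.well-known/openid-configuration"
SAMPLE = json.loads("""{
  "issuer": "https://idp.example.test",
  "authorization_endpoint": "https://idp.example.test/authorize",
  "token_endpoint": "https://idp.example.test/token",
  "jwks_uri": "https://idp.example.test/jwks",
  "response_types_supported": ["code"]
}""")

if __name__ == "__main__":
    for problem in check_discovery(SAMPLE, SAMPLE_URL):
        print(problem)
```

To run it against a real provider, save the discovery document to a file, load it with `json.load`, and pass the URL it was fetched from as the second argument.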