Add IdentityProvider/proxmox.md

2024-06-30 16:49:19 +00:00
parent 3a68d03d88
commit 72ce437d79


@@ -0,0 +1,74 @@
# Proxmox
## Base URLs:
IDP: `fac.mydomain.com`
SP: `pve01.mydomain.local`
## FAC
**#1 Authentication > OAuth Service > Portals**
1) Create New
2) Name: `Proxmox`
3) leave everything else default
4) Save
![IDP](images/proxmox_idp_01.png)
**#2 Authentication > OAuth Service > Policies**
1) Create New
2) Policy type: Name: `Proxmox`
3) Identity sources: `Realm: select your realm and Groups in den Filter that should have access`
4) Authentication factors: Change settings to your needs, f.e. `Application name for FTM push notification: Proxmox`
![IDP](images/proxmox_idp_02.png)
**#3 Authentication > OAuth Service > Scopes**
1) Create New (if not already there)
2) Name: `profile`
3) Name: `email`
![IDP](images/extra_scopes.png)
**#4 Authentication > OAuth Service > Relying Party**
1) Name: `Proxmox`
2) Client type: `Confidential`
3) Authorization grant types: `Authorization code`
4) Client ID: `note this ID`
5) Client secret: `note this secret`
6) Policy: `choose Proxmox from Step 2`
7) Access token expiry: `change to your needs or leave default (36000 seconds)`
8) Refresh token expiry: `change to your needs or leave default (1 day)`
9) Redirect URIs: `https://pve01.mydomain.com:8006` (if you have multiple hosts just enter them same way with space in between)
10) Add 3 Scopes with `+ Add Relying Party Scope`
11) Set the scopes to this:
| Scope | Default |
| :--- | :----: |
| openid | x |
| email | x |
| profile | x |
12) Save
13) Add 1 Claim with `+ Add Claim`
14) Set the Claims to this:
| Scope | Name | User Attribute |
| :--- | :----: | :----: |
| openid | preferred_username | Email |
15) Save
![IDP](images/proxmox_idp_03.png)
## Proxmox VE
**#1 Datacenter > Permissions > Realms**
1) Click on `Add` and choose `OpenID Connect Server` from dropdownlist
2) Issuer URL: `https://fac.mydomain.com/api/vl/oauth`
3) Realm: `FortiAuthenticator` (choose name whatever you want)
4) Client ID: `ID from FAC step #4-4`
5) Client Key: `secret from FAC step #4-5`
6) Default: Check this if you want FAC to be your default IDP to login
7) Autocreate Users: Check this if you want autocreation of users.
8) Username Claim: `username`
9) Scopes: `Default (email profile)`
10) Prompt: `Auth-Provider Default`
11) Add
![SP](images/proxmox_sp_01.png)
**#2 Datacenter > Permissions**
1) Click on `Add` to create a new Group Permission
![SP](images/proxmox_sp_02.png)
2) Now you can change to Group on autocreated users to the groups you have just created to give new users permissions.
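Review bot: The Issuer URL in Proxmox step #1-2, `https://fac.mydomain.com/api/vl/oauth`, looks like it carries a typo (`vl` where `v1` is meant); a wrong issuer makes Proxmox's OIDC discovery fail, so please verify it against the FAC discovery document before this is merged. Also, the Redirect URI in FAC step #4-9 is `https://pve01.mydomain.com:8006` while the Base URLs section names the SP `pve01.mydomain.local`; the redirect URI registered at the IdP must match the real Proxmox URL exactly (scheme, host and port), otherwise the authorization code flow is rejected, so one of the two should be corrected. The username mapping would benefit from one sentence of documentation: FAC step #4-14 emits a custom claim `preferred_username` filled from the Email attribute, whereas Proxmox step #1-8 sets Username Claim to `username`; a reader will wonder why the names differ and whether autocreated user names will come out as the e-mail address. Minor style points: step #2-2 runs two fields together (`Policy type: Name: Proxmox`), step #2-3 mixes German (`Groups in den Filter`), and the `## Base URLs:` heading has a trailing colon the other headings do not.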