WirFixenAlles/Boilerplates
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update IdentityProvider/proxmox.md

Browse Source
This commit is contained in:
Manuel Gläser
2024-06-30 17:08:05 +00:00
parent 7526960149
commit d82cca4399
1 changed files with 23 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
IdentityProvider/proxmox.md
View File

@@ -2,7 +2,8 @@
## Base URLs: ## Base URLs:
IDP: `fac.mydomain.com` IDP: `fac.mydomain.com`
SP: `pve01.mydomain.local` SP for PVE: `pve01.mydomain.local:8006`
SP for PBS: `pbs.mydomain.local:8007`
## FAC ## FAC
@@ -35,7 +36,8 @@ SP: `pve01.mydomain.local`
6) Policy: `choose Proxmox from Step 2` 6) Policy: `choose Proxmox from Step 2`
7) Access token expiry: `change to your needs or leave default (36000 seconds)` 7) Access token expiry: `change to your needs or leave default (36000 seconds)`
8) Refresh token expiry: `change to your needs or leave default (1 day)` 8) Refresh token expiry: `change to your needs or leave default (1 day)`
9) Redirect URIs: `https://pve01.mydomain.com:8006` (if you have multiple hosts just enter them same way with space in between) 9) for **PVE** - Redirect URIs: `https://pve01.mydomain.com:8006` (if you have multiple hosts just enter them same way with space in between)
for **PBS** - Redirect URIs: `https://pbs.mydomain.com:8007` (if you have multiple hosts just enter them same way with space in between)
10) Add 3 Scopes with `+ Add Relying Party Scope` 10) Add 3 Scopes with `+ Add Relying Party Scope`
11) Set the scopes to this: 11) Set the scopes to this:
| Scope | Default | | Scope | Default |
@@ -71,4 +73,22 @@ SP: `pve01.mydomain.local`
**#2 Datacenter > Permissions** **#2 Datacenter > Permissions**
1) Click on `Add` to create a new Group Permission 1) Click on `Add` to create a new Group Permission
![SP](images/proxmox_sp_02.png) ![SP](images/proxmox_sp_02.png)
2) Now you can change to Group on autocreated users to the groups you have just created to give new users permissions. 2) Now you can change to Group on autocreated users to the groups you have just created to give new users permissions.
## Proxmox PBS
**#1 Configuration > Access Control > Realms**
1) Click on `Add` and choose `OpenID Connect Server` from dropdownlist
2) Issuer URL: `https://fac.mydomain.com/api/vl/oauth`
3) Realm: `FortiAuthenticator` (choose name whatever you want)
4) Client ID: `ID from FAC step #4-4`
5) Client Key: `secret from FAC step #4-5`
6) Autocreate Users: Check this if you want autocreation of users.
7) Username Claim: `username`
8) Scopes: `Default (email profile)`
9) Prompt: `Auth-Provider Default`
10) Add
![SP](images/proxmox-pbs_sp_01.png)
**#2 Configuration > Access Control > Permissions**
1) Click on `Add` to create a new User Permission