Update IdentityProvider/proxmox.md

IdentityProvider/proxmox.md

@@ -2,7 +2,8 @@
 
 ## Base URLs:
 IDP: `fac.mydomain.com`  
-SP: `pve01.mydomain.local`
+SP for PVE: `pve01.mydomain.local:8006`
+SP for PBS: `pbs.mydomain.local:8007`
 
 ## FAC
 
@@ -35,7 +36,8 @@ SP: `pve01.mydomain.local`
 6) Policy: `choose Proxmox from Step 2`
 7) Access token expiry: `change to your needs or leave default (36000 seconds)`
 8) Refresh token expiry: `change to your needs or leave default (1 day)`
-9) Redirect URIs: `https://pve01.mydomain.com:8006` (if you have multiple hosts just enter them same way with space in between)
+9) for **PVE** - Redirect URIs: `https://pve01.mydomain.com:8006` (if you have multiple hosts just enter them same way with space in between)  
+   for **PBS** - Redirect URIs: `https://pbs.mydomain.com:8007` (if you have multiple hosts just enter them same way with space in between)
 10) Add 3 Scopes with `+ Add Relying Party Scope`
 11) Set the scopes to this:
 | Scope      | Default |
@@ -72,3 +74,21 @@ SP: `pve01.mydomain.local`
 1) Click on `Add` to create a new Group Permission
 ![SP](images/proxmox_sp_02.png)
 2) Now you can change to Group on autocreated users to the groups you have just created to give new users permissions.
+
+## Proxmox PBS
+
+**#1 Configuration > Access Control > Realms**
+1) Click on `Add` and choose `OpenID Connect Server` from dropdownlist
+2) Issuer URL: `https://fac.mydomain.com/api/vl/oauth`
+3) Realm: `FortiAuthenticator` (choose name whatever you want)
+4) Client ID: `ID from FAC step #4-4`
+5) Client Key: `secret from FAC step #4-5`
+6) Autocreate Users: Check this if you want autocreation of users.
+7) Username Claim: `username`
+8) Scopes: `Default (email profile)`
+9) Prompt: `Auth-Provider Default`
+10) Add
+![SP](images/proxmox-pbs_sp_01.png)
+
+**#2 Configuration > Access Control > Permissions**
+1) Click on `Add` to create a new User Permission