I’m just wondering if anyone is able to offer any advice getting SSO with Incus working with Authentik.
What I’ve done so far:
I’ve set up the Incus UI through the Traefik reverse proxy just by forwarding to port 8443:
router_incus:
  rule: "Host(`incus.<domain>`)"
  service: service_incus
  entryPoints:
    - websecure
  tls:
    certResolver: letsEncrypt
service_incus:
  loadBalancer:
    servers:
      - url: "https://192.168.1.70:8443"
    serversTransport: ignore_ca
This seems to load the page up correctly and takes me to https://incus./ui/login
From here I set within the UI > Settings > oidc:
oidc.audience: https://incus.
oidc.claim: email
oidc.client.id:
oidc.issuer: https://auth./application/o/incus/
oidc.scopes: openid,profile,email
Then within Authentik, I’ve set up a new application tied to a new OAuth2/OpenID provider.
The provider has the Client ID which is entered into Incus, Redirect URIs is set to:
strict: https://incus./oidc/callback
When I go to the home page and click on the “Login with SSO” button, it takes me to Authentik. The scopes requested seem to match and it requires the Email address and General Profile, I click on continue and it redirects me to the /ui page which then says it can’t find the default project and returns me to the /ui/login page.
I’m using version 6.10.1-ui-0.15 from the Zabbly repo, on an Ubuntu 24.04 server.
Can see some logs in the /var/log/incus but none when this occurs and more to do with container/VM stuff.
Any help gratefully received and if more info required please let me know and I’ll provide.
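
An added diagnostic sketch, not part of the original post and not Incus or Authentik code: it decodes the claims of a token issued by the provider and compares them with the `oidc.issuer`, `oidc.audience` and `oidc.claim` values listed above. The host names, client ID and token are constructed placeholders, and the signature is not verified, so it is for inspection only.

```python
import base64
import json


def b64url(data: bytes) -> str:
    """Base64url-encode without padding, as used in compact JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Return the JWT payload. The signature is NOT verified: inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def check_claims(claims: dict, issuer: str, audience: str, identity_claim: str) -> list:
    """Compare token claims with the configured oidc.* values; return mismatches."""
    problems = []
    # OIDC compares the issuer as an exact string, so a trailing slash matters.
    if claims.get("iss") != issuer:
        problems.append(f"iss {claims.get('iss')!r} != oidc.issuer {issuer!r}")
    aud = claims.get("aud")  # "aud" may be a single string or a list of strings
    audiences = [aud] if isinstance(aud, str) else list(aud or [])
    if audience not in audiences:
        problems.append(f"oidc.audience {audience!r} not in aud {audiences!r}")
    if not claims.get(identity_claim):
        problems.append(f"claim {identity_claim!r} (oidc.claim) missing or empty")
    return problems


# Constructed sample: placeholder hosts and client ID, fake signature.
ISSUER = "https://auth.example.test/application/o/incus/"
SAMPLE_TOKEN = ".".join([
    b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    b64url(json.dumps({"iss": ISSUER, "aud": "constructed-client-id",
                       "sub": "abc123", "email": "user@example.test"}).encode()),
    b64url(b"constructed-signature"),
])

if __name__ == "__main__":
    claims = decode_claims(SAMPLE_TOKEN)
    for problem in check_claims(claims, ISSUER, "https://incus.example.test", "email"):
        print("MISMATCH:", problem)
```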