> It seemed to work reliably once Keycloak was configured correctly. One > thing that was confusing, even with `Overwrite Groups` no groups are set > if they aren't already configured on the PVE cluster.
This is by design (and mentioned in docs patch) to prevent an arbitrary number of groups being created in the event there are other groups in the claim that do not exist in PVE (e.g. imagine every group for a large directory service is included in the claim but not all of them apply to PVE). There could be an option added to auto-create groups (maybe default disabled) to allow users to have this capability, too. _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
