OpenID with Authnetik

  • 14 April 2024
  • 5 replies

Badge +1


We’re trying to setup OpenID authentication using our Authentik service.

I followed the Centreon documentation but I can’t manage to make it work.

This is our Centreon conf :

This is our Authentik conf :

When I click on OpenID button, it send a request to :


that fail on Authentik with a 404 code.

Any idea how to fix this ?

5 replies

Userlevel 6
Badge +19

Hi @MOAR , Redirect URL must be the url to be redirected from your IdP to Centreon, so Centreon URL.

You must define nothing or your Centreon URL like:

Badge +1

Hi @MOAR , Redirect URL must be the url to be redirected from your IdP to Centreon, so Centreon URL.

You must define nothing or your Centreon URL like:

Seems to be a proxy error...
When I removed the Redirect URL on Centreon, I still got an error but with this request :


We’re using Teleport to access the ui.
Do we still need to put a reverse proxy on localhost and access it using Teleport ?


Hi @MOAR ,

I believe you’ll find two separate issues. First is that Authentik doesn’t need the application to be part of the URL:

Authorization Endpoint should be https://$AUTHENTIK_FQDN/application/o/authorize/ not https://$AUTHENTIK_FQDN/application/o/centreon/authorize .

This is the same for the other URLs.

Secondly, Centreon strips the final ‘/’ from the URL by the looks of it. Authentik expects a ‘/’ at the end of the URL. You’ll get a 404 error because “application/o/authorize” isn’t a URL. “application/o/authorize/” is a URL that Authentik works with though. You can even see this by inserting the “/” when you get a 404.

@Laurent - Should I raise a GitHub issue for this?

Badge +1

I edited the URLs, still not working.

The openid button redirect to  :


And I still get a Not found on authentik.


Hi @MOAR ,

This is what I was talking about in the second part of the post. When you edit the URL in the interface, Centreon strips the trailing slash off the path.

https://AUTHENTIK_FQDN/application/o/authorize/ becomes https://AUTHENTIK_FQDN/application/o/authorize and that won’t work. You can see it by following the login link and then, on the Authentik 404 page, put a slash in the URL like this:


See the added slash in “authorize/?client_id” - That is what is missing. It specifically needs to be there. If you add that slash and hit enter, you’ll get forwarded back to Centreon, but then Centreon complains that the URLs don’t match (because it has “authorize?client_id” in the database) and so it won’t authorize the login.

SAML does work for Centreon though, so you could use SAML. It’s not too complex to set up either.