Module "django3_saml2_nbplugin.backends" does not define a "SAML2CustomAttrUserBackend" attribute/class

[saintwolf]

Hey there,

I'm trying to use netbox-plugin-auth-saml2 in order to use groups provided by SAML to lock down various parts of Netbox.

Authentication seems to work fine using the _utilities.authbackends.RemoteUserBackend and _django3_saml2nbplugin.backends.SAML2AttrUserBackend, however looking at the code, I need to use the SAML2CustomAttrUserBackend class so that I can pull the appropriate user groups.

When trying to specify this backend, I keep getting the error below, and I'm not sure why this class isn't being found as it's in the same file as SAML2AttrUserBackend. Am I missing something key or is this a bug?

Here's the output from the debug:

Environment:

Request Method: POST
Request URL: https://netbox.redacted.com/api/plugins/sso/acs/

Django Version: 3.1.3
Python Version: 3.8.3
Installed Applications:
['django.contrib.admin',
 'django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'django.contrib.humanize',
 'cacheops',
 'corsheaders',
 'debug_toolbar',
 'django_filters',
 'django_tables2',
 'django_prometheus',
 'mptt',
 'rest_framework',
 'taggit',
 'timezone_field',
 'circuits',
 'dcim',
 'ipam',
 'extras',
 'secrets',
 'tenancy',
 'users',
 'utilities',
 'virtualization',
 'django_rq',
 'drf_yasg',
 'django3_saml2_nbplugin.Django3AuthSAML2Plugin']
Installed Middleware:
['debug_toolbar.middleware.DebugToolbarMiddleware',
 'django_prometheus.middleware.PrometheusBeforeMiddleware',
 'corsheaders.middleware.CorsMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 'django.middleware.security.SecurityMiddleware',
 'netbox.middleware.ExceptionHandlingMiddleware',
 'netbox.middleware.RemoteUserMiddleware',
 'netbox.middleware.LoginRequiredMiddleware',
 'netbox.middleware.APIVersionMiddleware',
 'netbox.middleware.ObjectChangeMiddleware',
 'django_prometheus.middleware.PrometheusAfterMiddleware']

Traceback (most recent call last):
  File "/opt/netbox/venv/lib64/python3.8/site-packages/django/utils/module_loading.py", line 20, in import_string
    return getattr(module, class_name)

The above exception (module 'django3_saml2_nbplugin.backends' has no attribute 'SAML2CustomAttrUserBackend') was the direct cause of the following exception:
  File "/opt/netbox/venv/lib64/python3.8/site-packages/django/core/handlers/exception.py", line 47, in inner
    response = get_response(request)
  File "/opt/netbox/venv/lib64/python3.8/site-packages/django/core/handlers/base.py", line 179, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/opt/netbox/venv/lib64/python3.8/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
    return view_func(*args, **kwargs)
  File "/opt/netbox/venv/lib64/python3.8/site-packages/django3_auth_saml2/views.py", line 107, in sso_acs
    backend_obj = load_backend(backend_name)
  File "/opt/netbox/venv/lib64/python3.8/site-packages/django/contrib/auth/__init__.py", line 20, in load_backend
    return import_string(path)()
  File "/opt/netbox/venv/lib64/python3.8/site-packages/django/utils/module_loading.py", line 22, in import_string
    raise ImportError('Module "%s" does not define a "%s" attribute/class' % (

Exception Type: ImportError at /api/plugins/sso/acs/
Exception Value: Module "django3_saml2_nbplugin.backends" does not define a "SAML2CustomAttrUserBackend" attribute/class

[jeremyschulman]

Hi @saintwolf - There could have been an improper patch that is causing a difference between Netbox 2.8 and later releases. I made an experimental update to the main branch; but have not yet pushed the code into pypi. Perhaps this patch would also help you. Have you tried using the latest code on main (vs what is published on pypi)?

[saintwolf]

@jeremyschulman I'm using the code from PyPi so that will explain it. Am not too well versed with pip so am not sure how to install the dev code. I shall wait for the next version to be released. Thanks for your support.

[duviful]

Hello @jeremyschulman I overwritten the folder /opt/netbox/venv/lib/python3.7/site-packages/django3_saml2_nbplugin with the updated content in the master branch.

I'm receiving this error when I try to login {"error": "'str' object has no attribute 'items'", "exception": "AttributeError", "netbox_version": "2.10.4", "python_version": "3.7.3"}

I'm switching back to the SAML2DottedEmailUserBackend for now (which works well), but having groups mapping would be a nice addition. Let me know if I can help somehow. Thanks.

[jeremyschulman]

@duviful - I have not tested with Netbox 2.10 release; and I am hearing that there are some changes to the plugin infrastructure that may account of the issues you are seeing. I do have plans to upgrade to 2.10, but not in the near term. I am hoping someone else running 2.10 may be able to review this further and perhaps make a PR.

[rakeshmohan46]

@saintwolf @jeremyschulman: I had to make these changes for the plugin to work. pip install --upgrade --force-reinstall git+https://github.com/jeremyschulman/netbox-plugin-auth-saml2.git REMOTE_AUTH_BACKEND = 'django3_saml2_nbplugin.backends.SAML2CustomAttrUserBackend'

Rest of the configuration I kept the same. I hope this is the right way, if there is an alternative, please let me know.

[jeremyschulman]

@rakeshmohan46 - you are correct, thank you for working through this. I will push the latest code into PyPi this week so the installation process will be better for all.

[jeremyschulman]

@rakeshmohan46 - finally pushed the update for v2.2 to PyPi. closing this issue.