jeremyschulman / netbox-plugin-auth-saml2

Netbox plugin for SSO using SAML2

Redirection to /sso/acs not working #30

Closed salman-uk closed 3 years ago

salman-uk commented 3 years ago

Hi,

I am on netbox version 2.10.4 with the latest version of the plugin and am getting a page not found error post authentication when being redirected to /sso/acs.

Please find my config files below:

configuration.py:

    # Enable installed plugins. Add the name of each plugin to the list.
    PLUGINS = ['django3_saml2_nbplugin']

    PLUGINS_CONFIG = {
        'django3_saml2_nbplugin': {
            # Use the Netbox default remote backend
            'AUTHENTICATION_BACKEND': 'SAML2DottedEmailUserBackend',

            # Custom URL to validate incoming SAML requests against
            'ASSERTION_URL': 'https://netbox.example.com',
            # Populates the Issuer element in authn request, e.g. defined as "Audience URI (SP Entity ID)" in SSO
            'ENTITY_ID': 'https://netbox.example.com/',
            # Metadata is required, choose either remote url or local file path
            'METADATA_AUTO_CONF_URL': "https://login.microsoftonline.com/1c2da354-196b-4818-91e4-f760cbaac9e4/federationmetadata/2007-06/federationmetadata.xml?appid=f7ed7cae-a404-4de7",

            # 'DEFAULT_SSO_ACS_URL': "api/plugins/sso/acs/",

            # Settings for SAML2CustomAttrUserBackend. Optional.
            'CUSTOM_ATTR_BACKEND': {
                # Attribute containing the username. Optional.
                'USERNAME_ATTR': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
                # Attribute containing the user's email. Optional.
                'MAIL_ATTR': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
                # Attribute containing the user's first name. Optional.
                'FIRST_NAME_ATTR': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname',
                # Attribute containing the user's last name. Optional.
                'LAST_NAME_ATTR': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname',
                # Set to True to always update the user on logon
                # from SAML attributes on logon. Defaults to False.
                # 'ALWAYS_UPDATE_USER': False,
                # Attribute that contains groups. Optional.
                # 'GROUP_ATTR': 'http://schemas.microsoft.com/ws/2008/06/identity/claims/groups',
                # Dict of user flags to groups.
                # If the user is in the group then the flag will be set to True. Optional.
                # 'FLAGS_BY_GROUP': {
                # 'is_staff': 'saml-group1',
                # 'is_superuser': 'saml-group2'
                # },
                # Dict of SAML groups to NetBox groups. Optional.
                # Groups must be created beforehand in NetBox.
                # 'GROUP_MAPPINGS': {
                # 'okta-group1: 'netbox-group'
                # }
            }
        }
    }

    # Remote authentication support
    REMOTE_AUTH_ENABLED = True
    REMOTE_AUTH_BACKEND = 'netbox.authentication.RemoteUserBackend'
    REMOTE_AUTH_HEADER = 'HTTP_REMOTE_USER'
    REMOTE_AUTH_AUTO_CREATE_USER = True
    REMOTE_AUTH_DEFAULT_GROUPS = []
    REMOTE_AUTH_DEFAULT_PERMISSIONS = {}

Can you advise on where the issue might be? I am not that familiar with Django, so any assistance is much appreciated.