jeremyschulman / netbox-plugin-auth-saml2

Netbox plugin for SSO using SAML2

Login loop, but no authentication #37

Closed garciajrx closed 3 years ago

garciajrx commented 3 years ago

Hi everyone, need some guidance from the experts :)

I am facing issues trying to set it up on Okta.

Through the nginx proxy it gets into a loop and never gets in. Using the login button, it just refreshes the logon page. Authentication is not even happening.

Can someone please provide an Okta screenshot of a working environment? I feel like I am missing something there.

I am certainly missing something here. Below are the loop log snippet, configuration.py and Okta setup.

2021-05-14 17:45:32,825 INFO [basehttp.py:157] "GET /api/plugins/sso/login/?next=/ HTTP/1.0" 302 0
2021-05-14 17:45:33,980 INFO [basehttp.py:157] "POST / HTTP/1.0" 302 0
2021-05-14 17:45:34,318 INFO [basehttp.py:157] "GET /api/plugins/sso/login/?next=/ HTTP/1.0" 302 0
2021-05-14 17:45:35,424 INFO [basehttp.py:157] "POST / HTTP/1.0" 302 0
2021-05-14 17:45:35,841 INFO [basehttp.py:157] "GET /api/plugins/sso/login/?next=/ HTTP/1.0" 302 0
2021-05-14 17:45:36,750 INFO [basehttp.py:157] "POST / HTTP/1.0" 302 0
2021-05-14 17:45:37,107 INFO [basehttp.py:157] "GET /api/plugins/sso/login/?next=/ HTTP/1.0" 302 0
2021-05-14 17:45:37,844 INFO [basehttp.py:157] "POST / HTTP/1.0" 302 0
2021-05-14 17:45:38,180 INFO [basehttp.py:157] "GET /api/plugins/sso/login/?next=/ HTTP/1.0" 302 0
2021-05-14 17:45:39,244 INFO [basehttp.py:157] "POST / HTTP/1.0" 302 0
2021-05-14 17:45:39,719 INFO [basehttp.py:157] "GET /api/plugins/sso/login/?next=/ HTTP/1.0" 302 0
2021-05-14 17:45:41,057 INFO [basehttp.py:157] "POST / HTTP/1.0" 302 0

configuration.py

# Remote authentication SAML2
REMOTE_AUTH_ENABLED = True
#REMOTE_AUTH_BACKEND = 'utilities.auth_backends.RemoteUserBackend'
REMOTE_AUTH_BACKEND = 'netbox.authentication.RemoteUserBackend'
#REMOTE_AUTH_BACKEND = 'django3_saml2_nbplugin.backends.SAML2AttrUserBackend'
REMOTE_AUTH_HEADER = 'HTTP_REMOTE_USER'
REMOTE_AUTH_AUTO_CREATE_USER = True
REMOTE_AUTH_DEFAULT_GROUPS = ['engineering']
#REMOTE_AUTH_DEFAULT_PERMISSIONS = {}

PLUGINS = ['django3_saml2_nbplugin']
PLUGINS_CONFIG = { 
    'django3_saml2_nbplugin': {

        # Use the Netbox default remote backend
        'AUTHENTICATION_BACKEND': REMOTE_AUTH_BACKEND,

        # Custom URL to validate incoming SAML requests against
        'ASSERTION_URL': 'https://xxx.ngrok.io',

        # Populates the Issuer element in the authn request, e.g. defined as "Audience URI (SP Entity ID)" in SSO
        'ENTITY_ID': 'https://xxx.ngrok.io',

        # Metadata is required, choose either remote url
        # 'METADATA_AUTO_CONF_URL': "https://orgxxxx.okta.com/app/dajhdjhshjdashjdashjda/sso/saml/metadata",
        # or local file path
        'METADATA_LOCAL_FILE_PATH': '/opt/netbox/saml2.metadata',

        'DEFAULT_SSO_ACS_URL': "/api/plugins/sso/acs/"
    }
}

okta-saml1

okta-saml2

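
A check that can be run over a log in the format posted above, added here as an example (it is not part of the original issue or of the plugin's code): it counts login redirects that are followed by a POST and reports whether any POST reached the path set as DEFAULT_SSO_ACS_URL. The function names, the constructed sample log and the reading of each POST as the browser returning from the IdP are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample, same format as the basehttp lines in the post above.
SAMPLE_LOG = """\
2021-05-14 17:45:32,825 INFO [basehttp.py:157] "GET /api/plugins/sso/login/?next=/ HTTP/1.0" 302 0
2021-05-14 17:45:33,980 INFO [basehttp.py:157] "POST / HTTP/1.0" 302 0
2021-05-14 17:45:34,318 INFO [basehttp.py:157] "GET /api/plugins/sso/login/?next=/ HTTP/1.0" 302 0
2021-05-14 17:45:35,424 INFO [basehttp.py:157] "POST / HTTP/1.0" 302 0
"""

LINE_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
)


def parse(log_text):
    """Yield (method, path, status) for each request line; query strings are dropped."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["method"], urlsplit(m["target"]).path, int(m["status"])


def diagnose(log_text,
             login_path="/api/plugins/sso/login/",
             acs_path="/api/plugins/sso/acs/"):
    """Summarise SSO round trips and where the returning POSTs landed."""
    reqs = list(parse(log_text))
    # Assumption: a POST directly after a GET on login_path is the browser
    # coming back from the IdP with the SAML response.
    trips = [(a, b) for a, b in zip(reqs, reqs[1:])
             if a[0] == "GET" and a[1] == login_path and b[0] == "POST"]
    acs_hits = sum(1 for meth, path, _ in reqs
                   if meth == "POST" and path == acs_path)
    return {
        "round_trips": len(trips),
        "acs_hits": acs_hits,
        # Paths that received the returning POST instead of the ACS endpoint.
        "posts_outside_acs": sorted({b[1] for _, b in trips if b[1] != acs_path}),
        # Repeated round trips with nothing ever reaching the ACS endpoint.
        "looping": len(trips) >= 2 and acs_hits == 0,
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

A non-empty `posts_outside_acs` is a prompt to compare the single sign-on URL entered at the IdP with the plugin's `DEFAULT_SSO_ACS_URL`.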
garciajrx commented 3 years ago

I have found many typos/mistakes in my setup. Login is working now.