jeremyschulman / netbox-plugin-auth-saml2

Netbox plugin for SSO using SAML2

NoneType object has no attribute 'require_signature #39

Open vnamb opened 3 years ago

vnamb commented 3 years ago

We've been trying to use this plugin for SSO implementation with netbox-docker. The SSO BANNER_LOGIN button successfully redirects the user first to OKTA and then back to netbox upon successful authentication.

However, netbox throws a 500 Internal Server error:

```
{"error": "'NoneType' object has no attribute 'require_signature'", "exception": "AttributeError", "netbox_version": "2.11.7", "python_version": "3.8.10"}
```

Looks very similar to this issue: https://github.com/jeremyschulman/netbox-plugin-auth-saml2/issues/24

Some relevant info:

```
## Relevant Plugins installed on Netbox container:
bash-5.1$ /opt/netbox/venv/bin/python3 -m pip freeze | grep saml
django3-auth-saml2==0.2.0
netbox-plugin-auth-saml2==2.3
pysaml2==5.0.0
```

Snippet from env/netbox.env

```
REMOTE_AUTH_ENABLED=True
REMOTE_AUTH_BACKEND=netbox.authentication.RemoteUserBackend
REMOTE_AUTH_AUTO_CREATE_USER=True
```

Note: Ours is a containerized netbox setup similar to this: https://github.com/netbox-community/netbox-docker/blob/release/env/netbox.env

Snippet from configuration.py

```python
PLUGINS_CONFIG = {
    'django3_saml2_nbplugin': {

        # Use the Netbox default remote backend
        'AUTHENTICATION_BACKEND': REMOTE_AUTH_BACKEND,

        # Custom URL to validate incoming SAML requests against
        'ASSERTION_URL': 'https://netbox.mycompany.com/api/plugins/sso/acs/',

        # Populates the Issuer element in authn request, e.g. defined as "Audience URI (SP Entity ID)" in SSO
        'ENTITY_ID': 'https://netbox.mycompany.com/',

        # Metadata is required, choose either remote url or local file path
        #'METADATA_AUTO_CONF_URL': "https://mycompany.okta.com/app/exdfgfhfwDhFM3D81t7/sso/saml/metadata"
        # or local file path
        'METADATA_LOCAL_FILE_PATH': '/opt/netbox/netbox_saml2.xml',
    }
}
BANNER_LOGIN = '<a href="/api/plugins/sso/login" class="btn btn-primary btn-block">Login with SSO</a>'
```

jeremyschulman commented 3 years ago

@vnamb - just checking in with you; did you find a solution to this issue?

vnamb commented 3 years ago

Hey @jeremyschulman, thanks for checking in. No, we haven't found a solution yet.

jeremyschulman commented 3 years ago

Hi @vnamb - OK. I was going through the setup of a new Netbox 2.11.9 system today, and hit a similar issue. The mistake was in my plugin configuration, where I forgot the "https://" in the ASSERTION_URL and ENTITY_ID.

It turns out that all of these values must be exactly the same between the netbox config and the SSO system. If not, the SAML2 decoding process does not process correctly and the resulting error is not all that insightful. A bit of trial and error.

Good luck with your efforts, and please keep me posted if you find a solution.
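
An added example, not part of the thread or of the plugin's code: one way to check the exact-match requirement described in the comment above is to decode the SAMLResponse posted to the ACS endpoint and compare the values the IdP filled in against the plugin settings. `find_mismatches` and the sample response are constructed for illustration; it assumes the IdP echoes its configured ACS URL in `Destination`/`Recipient` and its configured SP entity ID in a single `Audience`, as the SAML 2.0 Web SSO profile specifies.

```python
import xml.etree.ElementTree as ET  # for untrusted XML, prefer defusedxml

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Values taken from the configuration.py snippet in this thread.
PLUGIN_CONFIG = {
    "ASSERTION_URL": "https://netbox.mycompany.com/api/plugins/sso/acs/",
    "ENTITY_ID": "https://netbox.mycompany.com/",
}

# Constructed sample of a base64-decoded SAMLResponse (signature and attributes
# omitted). The IdP side is assumed to lack the trailing slash on the audience.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://netbox.mycompany.com/api/plugins/sso/acs/">
  <saml:Assertion>
    <saml:Subject>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData
            Recipient="https://netbox.mycompany.com/api/plugins/sso/acs/"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://netbox.mycompany.com</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def find_mismatches(response_xml, config):
    """Return (field, value_in_response, value_in_config) for each differing value."""
    root = ET.fromstring(response_xml)
    seen = [("Destination", root.get("Destination"), "ASSERTION_URL")]
    for scd in root.iterfind(".//saml:SubjectConfirmationData", NS):
        seen.append(("Recipient", scd.get("Recipient"), "ASSERTION_URL"))
    for aud in root.iterfind(".//saml:Audience", NS):
        seen.append(("Audience", (aud.text or "").strip(), "ENTITY_ID"))
    # Exact string comparison on purpose: no scheme, case or slash normalisation.
    return [(f, got, config[key]) for f, got, key in seen if got != config[key]]


if __name__ == "__main__":
    for field, got, want in find_mismatches(SAMPLE_RESPONSE, PLUGIN_CONFIG):
        print(f"{field}: response has {got!r}, plugin config has {want!r}")
```
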

jeremyschulman commented 2 years ago

@vnamb - Checking in to see if this issue is still active. Please let me know. I will plan to close in +30 days if I have not heard back otherwise. Thank you!