Open RyanMesser opened 3 years ago
Hello, Same problem for me on NetBox v3.0.2 (image built from a custom Dockerfile)
AttributeError: module 'base64' has no attribute 'decodestring'
I'm available for testing and troubleshooting. Thanks
"If using NetBox's built-in remote authentication backend, update REMOTE_AUTH_BACKEND to 'netbox.authentication.RemoteUserBackend', as the authentication class has moved."
https://netbox.readthedocs.io/en/stable/release-notes/version-2.9/#configuration-changes
I'm using the plugin to handle SAML authentication and not the build-in auth backend, this is a snippet of the extra.py file working with v2.11
REMOTE_AUTH_BACKEND = "django3_saml2_nbplugin.backends.SAML2CustomAttrUserBackend"
REMOTE_AUTH_AUTO_CREATE_USER = True
REMOTE_AUTH_DEFAULT_GROUPS = 'Viewers'
REMOTE_AUTH_DEFAULT_PERMISSIONS= 'None'
PLUGINS = ['django3_saml2_nbplugin']
PLUGINS_CONFIG = {
'django3_saml2_nbplugin': {
'AUTHENTICATION_BACKEND': REMOTE_AUTH_BACKEND,
your suggestion is to change REMOTE_AUTH_BACKEND from django3_saml2_nbplugin.backends.SAML2CustomAttrUserBackend
to netbox.authentication.RemoteUserBackend
?
wouldn't it just revert to the built-in auth and lose SAML functionalities?
I'm using the plugin to handle SAML authentication and not the build-in auth backend, this is a snippet of the extra.py file working with v2.11
REMOTE_AUTH_BACKEND = "django3_saml2_nbplugin.backends.SAML2CustomAttrUserBackend" REMOTE_AUTH_AUTO_CREATE_USER = True REMOTE_AUTH_DEFAULT_GROUPS = 'Viewers' REMOTE_AUTH_DEFAULT_PERMISSIONS= 'None' PLUGINS = ['django3_saml2_nbplugin'] PLUGINS_CONFIG = { 'django3_saml2_nbplugin': { 'AUTHENTICATION_BACKEND': REMOTE_AUTH_BACKEND,
your suggestion is to change REMOTE_AUTH_BACKEND from
django3_saml2_nbplugin.backends.SAML2CustomAttrUserBackend
tonetbox.authentication.RemoteUserBackend
?wouldn't it just revert to the built-in auth and lose SAML functionalities?
I concur with this, how does this modification effect that this plugin doesn't build when using Netbox 3.0.2 ?
I am also getting the AttributeError: module 'base64' has no attribute 'decodestring'
error after upgrading to v3 and using netbox-docker. Looks like decodestring
has been deprecated and is finally causing some issues — you can read more about it on this SO question and also from the Python docs. Latest netbox-docker image uses alpine with python at 3.9 I believe.
I think the root issue is the pysaml2
dependency used in django3-auth-saml2 which is in turn used by the plugin:
File "/opt/netbox/venv/lib/python3.9/site-packages/django3_auth_saml2/urls.py", line 3, in <module>
from . import views
File "/opt/netbox/venv/lib/python3.9/site-packages/saml2/saml.py", line 90, in <module>
_b64_decode_fn = getattr(base64, 'decodebytes', base64.decodestring)
Looks like pysaml2
was updated by dependabot in the django3-auth-saml2 repo, but there hasn't been a release to pypi since then per this issue. Maybe go give that issue some love! Maintainer just might now know this is an issue since NetBox v3 is still relatively new.
This solution will depend on your deployment, but I was able to resolve the issue by adding RUN /opt/netbox/venv/bin/pip install pysaml2==6.5.0 -U
to the end of my Dockerfile-Plugins
.
It will give you the following error when you build the image:
ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts.
django3-auth-saml2 0.2.0 requires pysaml2==5.0.0, but you have pysaml2 6.5.0 which is incompatible.
This can be ignored as far as I can tell. Once the new version of django3-auth-saml2
is pushed to pypi this should go away.
This solution will depend on your deployment, but I was able to resolve the issue by adding
RUN /opt/netbox/venv/bin/pip install pysaml2==6.5.0 -U
to the end of myDockerfile-Plugins
.It will give you the following error when you build the image:
ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts. django3-auth-saml2 0.2.0 requires pysaml2==5.0.0, but you have pysaml2 6.5.0 which is incompatible.
This can be ignored as far as I can tell. Once the new version of
django3-auth-saml2
is pushed to pypi this should go away.
Thanks, this worked for me. Got the error you mentioned on build but afterwards it seems to work fine. I've tested this on the latest version of Nextbox (3.0.7).
@jacobhrussell - thank you for digging into this issue and finding the root cause. There is another package that needs to be installed, which is here: https://github.com/jeremyschulman/django3-auth-saml2/blob/master/requirements.txt and that does have the pysaml2 library pinned to 6.5.0.
@jeremyschulman my pleasure and thanks for the awesome plugin!
Hey all
I've recently deployed Netbox 3.0.10 and I'm currently getting this issue. I upgrade pysaml2 to 6.5.0 however the problem is still occurring. Any ideas on anything else I can check? This is a pretty fresh install (not using docker)
Thanks
Here's my Dockerfile (DockerHub). I needed to explicitly pin pysaml2 to 6.5.2 to get it to work.
for those of us not using Docker and who must have repeatable Ansible scripts, these workarounds are not a proper method to solve this. We need a proper solution (django3-auth-saml2 updated in pypi to support pysaml2 >= 6.5.2 (latest is 7.1.0). I'm also not able to pull from github due to airgapped servers and have to rely on replicated pypi repo, so if it isn't in pypi, I can't use it.
@celldara - I can fix this. I think the right thing to do is to unpin the version of pysaml2 in the django3-auth-saml2 repo. If I did that then I believe you would most likely need to install pysaml2 first with the version you need, and then install the django3 repo. Would that approach work for you?
@jeremyschulman as long as it makes it into the pypi repository. I can only use it if it is pushed to pypi. You already have a version that supports pysaml2==6.5.0 but it isn't pushed to pypi either.
Maybe set a minimum version of 6.5.2 (which seems to work with Python 3.9) and let it match at least that
ok, I'll push it to pypi shortly. sorry for that.
On Thu, Dec 2, 2021 at 1:00 PM celldara @.***> wrote:
@jeremyschulman https://github.com/jeremyschulman as long as it makes it into the pypi repository. I can only use it if it is pushed to pypi. You already have a version that supports pysaml2==6.5.0 but it isn't pushed to pypi either.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/jeremyschulman/netbox-plugin-auth-saml2/issues/45#issuecomment-984865928, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAT4WVDMAHFDUHM46QXAGATUO6X23ANCNFSM5EH2DERQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
Thank you. I was dreading doing the SAML2 auth to NetBox when I found your solution. Much nicer than doing it in Apache using mod_auth_mellon.
@celldara - ok, I just pushed a version of django repo that sets saml2 to >= 6.5.0. The new release version is 0.2.1. Please give that a try and let me know if that works for you; or if not we can work through the issues.
I'll have to wait for the pypi repo to replicate here. I still have lots of work to finish up on what is needed to migrate our old data to the new servers, so it may be a couple days before I test.
@jeremyschulman The new version pushed to pypi worked great. It allowed install of pysaml2 7.1.0 (it just installed the latest version by default without having to specify a version). SAML2 Auth with Azure SSO works great with Python 3.9 now. Thanks
@celldara - excellent. I would like to close this issue @RyanMesser. Would that be AOK with you?
Hi,
This plugin works fine in Netbox 2.9.11 but when updating to 3.0 or 3.0.2 I get the below error and the container doesn't start. I tried adding this to the Dockerfile but has had no effect
RUN sed -i 's/base64.decodestring/base64.decodebytes/g' /opt/netbox/venv/lib/python3.9/site-packages/saml2/saml.py
The error I get in the logs is the below File "/opt/netbox/venv/lib/python3.9/site-packages/saml2/saml.py", line 91, in,
_b64_encode_fn = getattr(base64, 'encodebytes', base64.encodestring)
Any ideas on what I could do to fix?