jeremyschulman / netbox-plugin-auth-saml2

Netbox plugin for SSO using SAML2

403 Access Denied error after Okta authentication. #48

Closed beezed1 closed 2 years ago

beezed1 commented 2 years ago

Hello,

I have a nearly (I think) working setup of Netbox using the plugin for Okta authentication. Hopefully someone with expertise in this subject will be able to assist me with getting over the final hurdle.

The Okta authentication seems to work fine, but then I'm returned to NetBox with the errors "Access Denied" and "You do not have permission to access this page".

I'm on Netbox 3.0.2 with version 2.4 of the "Netbox Plugin for SSO using SAML2".

In Okta the URLs are configured as below:

- SSO URL: https://netbox-xxx.com/api/plugins/sso/acs
- Recipient URL: https://netbox-xxx.com/api/plugins/sso/acs
- Destination URL: https://netbox-xxx.com/api/plugins/sso/acs
- Audience Redirection: https://netbox-xxx.com

In my configuration.py I have the following set:

```python
PLUGINS = ['django3_saml2_nbplugin']

PLUGINS_CONFIG = {
    'django3_saml2_nbplugin': {
        'AUTHENTICATION_BACKEND': 'django3_saml2_nbplugin.backends.SAML2CustomAttrUserBackend',
        'ASSERTION_URL': 'https://netbox-xxx.com',
        'ENTITY_ID': 'https://netbox-xxx.com',
        'METADATA_LOCAL_FILE_PATH': '/opt/netbox/netbox_okta.xml',
    }
}

REMOTE_AUTH_ENABLED = True
REMOTE_AUTH_BACKEND = 'django3_saml2_nbplugin.backends.SAML2CustomAttrUserBackend'
REMOTE_AUTH_HEADER = 'HTTP_REMOTE_USER'
REMOTE_AUTH_AUTO_CREATE_USER = True
REMOTE_AUTH_DEFAULT_GROUPS = []
REMOTE_AUTH_DEFAULT_PERMISSIONS = {}
```

After the Okta authentication has completed successfully I'm directed to the page "https://netbox-xxx.com/api/plugins/sso/acs" but with the access denied error.

Should it be returning me to the SSO URL, or should it be returning me to the front page? Or is this page correct but there is a permissions problem?

I've tried adjusting the URLs in Okta but without any success.

I can't see anything obvious in the Okta logs apart from the 403 error. Likewise I've looked at the SAML trace entries from the browser, again nothing obvious there.

Any advice would be gratefully received. This is all a new subject to me, so I may be doing something fundamentally wrong.

Thanks, Phil

jeremyschulman commented 2 years ago

Hi @beezed1 - Someone recently added a documentation note regarding the pysaml2 dependency that may be afflicting this issue; I am not certain. I just merged that doc to main branch. Please let me know if you've resolved the issue; and if so what steps you took so that others can learn from your experience. Thank you!

beezed1 commented 2 years ago

Hello @jeremyschulman - I'd forgotten to update this.

After a lot of trial and error (and gentle sobbing) I finally hit upon the correct combination of URLs (with and without trailing slashes) in the Okta setup.

Within Okta my URLs were as below:

- Single Sign On URL: https://netbox-test.xxx/sso/acs/
- Recipient URL: https://netbox-test.xxx/
- Destination URL: https://netbox-test.xxx/sso/acs/
- Audience Restriction: https://netbox-test.xxx.com

And also I needed to set both "Response" and "Assertion Signature" to "signed".

Thanks for the plugin - all works perfectly now.

Phil
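The two things the fix above turned on, the ACS URL matching exactly (trailing slash included) and both the Response and the Assertion being signed, can be checked on a captured SAML Response before pointing the finger at Okta or the plugin. The script below is an added example, not code from the plugin or from this thread; the host `netbox-test.example` and the minimal Response document are constructed for illustration, and the presence of a `ds:Signature` element is only a pre-flight check, not signature verification (pysaml2 still validates the signatures against the IdP certificate in the metadata file).

```python
# Added example: pre-flight checks on a SAML Response for the two failure modes
# discussed in this issue. Not part of the netbox-plugin-auth-saml2 project.
import xml.etree.ElementTree as ET  # use defusedxml.ElementTree for untrusted input

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def signature_status(response_xml: str) -> dict:
    """Report whether the Response and the (first) Assertion carry a Signature element.
    This only tells you what the IdP sent; cryptographic validation is the SP's job."""
    root = ET.fromstring(response_xml)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("document is not a samlp:Response")
    response_signed = root.find("ds:Signature", NS) is not None
    assertion = root.find("saml:Assertion", NS)
    assertion_signed = assertion is not None and assertion.find("ds:Signature", NS) is not None
    return {"response_signed": response_signed, "assertion_signed": assertion_signed}


def destination_matches(response_xml: str, sp_acs_url: str) -> bool:
    """Exact string comparison on purpose: '/sso/acs' and '/sso/acs/' are different
    endpoints to the SP, so a trailing-slash mismatch at the IdP is a real mismatch."""
    root = ET.fromstring(response_xml)
    return root.get("Destination") == sp_acs_url


# Constructed sample (hypothetical host): Response is signed, Assertion is not,
# which is the "only one of the two set to signed" configuration.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1" Version="2.0"
  Destination="https://netbox-test.example/sso/acs/">
  <ds:Signature><ds:SignedInfo/></ds:Signature>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject><saml:NameID>phil</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print("signatures:", signature_status(SAMPLE_RESPONSE))
    print("destination ok:", destination_matches(SAMPLE_RESPONSE, "https://netbox-test.example/sso/acs/"))
    print("without slash:", destination_matches(SAMPLE_RESPONSE, "https://netbox-test.example/sso/acs"))
```

Run it against a Response decoded from the browser's SAML trace; an unsigned Assertion or a Destination that differs from the plugin's ACS endpoint only by a slash points at the Okta application settings rather than at NetBox permissions.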