Closed log1cb0mb closed 4 years ago
In addition to User profile paramters, it would be nice to add SSO users attirbutes mapping for e.g:
'ATTRIBUTES_MAP': { # Change Email/UserName/FirstName/LastName to corresponding SAML2 userprofile attributes.
'email': 'Email',
'username': 'UserName',
'first_name': 'FirstName',
'last_name': 'LastName',
},
These or atleast group attributes so that users can be dynamically assigned to relevant groups in NetBox based on group membership in SSO/OKTA.
Since i have figured out this, i managed to also use user.is_staff
attribute in configure_user
function. I added additional group attribute in OKTA app and setting staff status based on group value:
.....
user.first_name, user.last_name = map(str.title, user.username.split('.'))
if 'usergroupname' in user_ident['user_group'][0]:
user.is_staff = True
This works but not exactly neat, i am hoping to define these parameters in PLUGIN_CONFIG and this function uses those values when configuring user. Any suggestions?
@mrrobottt443 - Sorry for the delay responding. You were on the right track to modify the backend class; or create a new one. Glad that you were able to develop a working solution.
When I designed the original https://github.com/jeremyschulman/django3-auth-saml2 package, I chose to utilize the native Django Backends framework rather than to overlay another set of settings configuration via PLUGIN_CONFIG. The reason for doing so is that I did not want to complicate the code to handle User-defined relationships and "logic" in a data structure. As I understand the Django Backends framework, that is the purpose of creating the code in this area. But perhaps I got it wrong as I am generally new to using Django.
I hope this addresses your question/issue, and I am closing this issue.
Python 3.6.8 django3-auth-saml2 0.2.0 netbox-plugin-auth-saml2 0.2 NetBox 2.8.6
I have been trying to make additional parameter
user.is_staff
work, either with defined value inPLUGIN_CONFIG
or in backend but unable to do so. In short, make new created user with STAFF_STATUS by defaultI am basically looking for the way how django-saml2-auth is doing it by defining settings under SAML2_AUTH:
I tried to tinker with
def configure_user(self, request: WSGIRequest, user: User) -> User:
function by addinguser.is_staff
value but seems like for me, that function is never triggered. The other issue that i reported might be related to this theory.What would be the best way to do what here using
SAML2_AUTH
defined values?