jeremyschulman / netbox-plugin-auth-saml2

Netbox plugin for SSO using SAML2

Additional config parameters for User profile in PLUGIN_CONFIG #6

Closed log1cb0mb closed 4 years ago

log1cb0mb commented 4 years ago

- Python 3.6.8
- django3-auth-saml2 0.2.0
- netbox-plugin-auth-saml2 0.2
- NetBox 2.8.6

I have been trying to make the additional parameter `user.is_staff` work, either with a defined value in PLUGIN_CONFIG or in the backend, but I am unable to do so. In short, I want newly created users to get STAFF_STATUS by default.

I am basically looking for the way django-saml2-auth does it, by defining settings under SAML2_AUTH:

```python
SAML2_AUTH = {
    # Metadata is required, choose either remote url or local file path
    'METADATA_AUTO_CONF_URL': '[The auto(dynamic) metadata configuration URL of SAML2]',
    'METADATA_LOCAL_FILE_PATH': '[The metadata configuration file path]',

    # Optional settings below
    'DEFAULT_NEXT_URL': '/admin',  # Custom target redirect URL after the user gets logged in. Defaults to /admin if not set. This setting will be overwritten if you have the parameter ?next= specified in the login URL.
    'CREATE_USER': 'TRUE',  # Create a new Django user when a new user logs in. Defaults to True.
    'NEW_USER_PROFILE': {
        'USER_GROUPS': [],  # The default group name when a new user logs in
        'ACTIVE_STATUS': True,  # The default active status for new users
        'STAFF_STATUS': True,  # The staff status for new users
        'SUPERUSER_STATUS': False,  # The superuser status for new users
    },
....
```

I tried to tinker with the `def configure_user(self, request: WSGIRequest, user: User) -> User:` function by adding a `user.is_staff` value, but it seems that, for me, that function is never triggered. The other issue that I reported might be related to this theory.

What would be the best way to do this here using SAML2_AUTH-defined values?

log1cb0mb commented 4 years ago

In addition to the User profile parameters, it would be nice to add SSO user attribute mapping, e.g.:

```python
'ATTRIBUTES_MAP': {  # Change Email/UserName/FirstName/LastName to corresponding SAML2 userprofile attributes.
    'email': 'Email',
    'username': 'UserName',
    'first_name': 'FirstName',
    'last_name': 'LastName',
},
```

These, or at least group attributes, so that users can be dynamically assigned to relevant groups in NetBox based on group membership in SSO/OKTA.

log1cb0mb commented 4 years ago

Since I figured this out, I also managed to use the `user.is_staff` attribute in the `configure_user` function. I added an additional group attribute in the OKTA app and set staff status based on the group value:

```python
.....
user.first_name, user.last_name = map(str.title, user.username.split('.'))

if 'usergroupname' in user_ident['user_group'][0]:
    user.is_staff = True
```

This works but is not exactly neat; I am hoping to define these parameters in PLUGIN_CONFIG and have this function use those values when configuring the user. Any suggestions?

jeremyschulman commented 4 years ago

@mrrobottt443 - Sorry for the delay responding. You were on the right track to modify the backend class; or create a new one. Glad that you were able to develop a working solution.

When I designed the original https://github.com/jeremyschulman/django3-auth-saml2 package, I chose to utilize the native Django Backends framework rather than to overlay another set of settings configuration via PLUGIN_CONFIG. The reason for doing so is that I did not want to complicate the code to handle User-defined relationships and "logic" in a data structure. As I understand the Django Backends framework, that is the purpose of creating the code in this area. But perhaps I got it wrong as I am generally new to using Django.

I hope this addresses your question/issue, and I am closing this issue.
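The backend-based approach the maintainer describes, applied to the group check from the third comment, as an added example that is neither the plugin's code nor anything from the thread. It assumes a `NEW_USER_PROFILE`-style dict and a `STAFF_GROUPS` set are the operator's settings, that the backend base class exposes `configure_user(self, request, user)` as quoted in the issue, and that the SAML attribute dict is reachable as `request.saml_attributes` (a hypothetical name). The point it adds is exact group matching: the `'name' in groups[0]` substring test in the comment would also grant staff status to a user whose only group is, say, `netbox-staff-readonly`.

```python
from types import SimpleNamespace

# Constructed profile defaults; keys mirror the NEW_USER_PROFILE keys quoted above.
NEW_USER_PROFILE = {
    "ACTIVE_STATUS": True,
    "STAFF_STATUS": False,
    "SUPERUSER_STATUS": False,
}
# Hypothetical SSO group names that should grant NetBox staff status.
STAFF_GROUPS = {"netbox-staff"}


def apply_profile(user, user_ident, profile=NEW_USER_PROFILE, staff_groups=STAFF_GROUPS):
    """Set flags on a freshly created user from settings plus SAML attributes.

    user_ident is the dict of SAML attributes; 'user_group' is the attribute
    name used in the comment above.  Group names are compared exactly (after
    trim and case-fold), so 'netbox-staff-readonly' does not satisfy a
    'netbox-staff' check the way a substring test would.
    """
    user.is_active = bool(profile.get("ACTIVE_STATUS", True))
    user.is_superuser = bool(profile.get("SUPERUSER_STATUS", False))
    groups = {g.strip().lower() for g in user_ident.get("user_group", [])}
    wanted = {g.lower() for g in staff_groups}
    user.is_staff = bool(profile.get("STAFF_STATUS", False)) or bool(groups & wanted)
    # Same 'first.last' username convention as the comment above.
    if "." in user.username:
        user.first_name, user.last_name = map(str.title, user.username.split(".", 1))
    return user


class ProfileSAMLBackend:
    """Stand-in for the plugin's backend class (assumption); only configure_user
    is shown, with the signature quoted in the issue."""

    def configure_user(self, request, user):
        # Assumption: the backend stored the SAML attribute dict on the request.
        user_ident = getattr(request, "saml_attributes", {})
        return apply_profile(user, user_ident)


def new_user(username):
    """Minimal stand-in for a Django User so the example runs without Django."""
    return SimpleNamespace(username=username, first_name="", last_name="",
                           is_active=False, is_staff=False, is_superuser=False)


if __name__ == "__main__":
    req = SimpleNamespace(saml_attributes={"user_group": ["netbox-staff-readonly"]})
    u = ProfileSAMLBackend().configure_user(req, new_user("jane.doe"))
    print(u.first_name, u.last_name, u.is_staff)  # Jane Doe False
```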