Closed Nino-Rey closed 2 years ago
Hmm, at a quick glance I'm able to log in using a Dockerised version of 3.0.7 although it uses Python 3.9.5 apparently so not quite a proper replication.
The first place I can think of where a `.get` might fail is here at the part where the claims are retrieved but I don't really have enough information to know. I think some orgs sometimes change the claims mapping but I haven't looked into it very deeply.
In the meantime, rather than stab in the dark, it's probably useful if I roll out a dot version with some proper debug logging which I've tracked here: #17
That way you can set the log level and (ideally) let me know exactly where it's breaking in lieu of being able to access your environment
I will ask our Azure team to check the claims mapping, but this is what I saw from /var/log/nginx/access.log and I'm not sure what's broken and what's not, because I don't see any errors in it and I only see GET.
This is for LOGIN URL logs
:[02/Nov/2021:18:15:49 +0000] "GET /plugins/azuread/login/ HTTP/1.1" 200 2383 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36"
:[02/Nov/2021:18:15:50 +0000] "GET /static/netbox-external.css HTTP/1.1" 200 286568 "https://netbox.net.usw2.omitted.io/plugins/azuread/login/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36"
:[02/Nov/2021:18:15:51 +0000] "GET /static/netbox-dark.css HTTP/1.1" 200 788267 "https://netbox.net.usw2.omitted.io/plugins/azuread/login/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36"
:[02/Nov/2021:18:15:51 +0000] "GET /static/netbox.js HTTP/1.1" 200 322556 "https://netbox.net.usw2.omitted.io/plugins/azuread/login/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36"
:[02/Nov/2021:18:15:51 +0000] "GET /static/netbox_logo.svg HTTP/1.1" 200 4719 "https://netbox.net.usw2.omitted.io/plugins/azuread/login/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36"
:[02/Nov/2021:18:15:52 +0000] "GET /static/netbox-print.css HTTP/1.1" 200 1622455 "https://netbox.net.usw2.omitted.io/plugins/azuread/login/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36"
:[02/Nov/2021:18:15:52 +0000] "GET /static/materialdesignicons-webfont-KSYPMDN6.woff2?v=5.9.55 HTTP/1.1" 200 325244 "https://netbox.net.usw2.omitted.io/static/netbox-external.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36"
And this is for REPLY URL logs
:[02/Nov/2021:18:16:03 +0000] "GET /plugins/azuread/complete/?code=0.ATgALe61Yi4DaEiPwnXM5G4e4DzePhUvAgpJnybRGDD-4Uo4ANM.AQABAAIAAAD--DLA3VO7QrddgJg7WevrUoNbsZpsc3Pjly9SCKYydGryJrgO8jtuHnR337K5nuqGP_99rsB8X1LjTq8lKpjMrJjRMctidaIU4YzGiyZ-wVqbUPKJH9MNmLQZwILpw4xJmk7DxJ5XGXgYkNlmDVYZOQ02BS5HDdlT1GW1oqm4vAfxj0joUzhRcEH5m7wQ2NR-NLE6yR8EPcrtTFxZX2H8L1w7RURfICkSjK-qHSUWWAspF6UaCdN1w9ft2c2_GZuEHPcmIJdTfY-zFb4QkO_t4QJTbCVdnLXn2oJ1_J1ZxS5sTXbw40I1C_c24tCNO5laxuxFvtWtxUvae5RXait6YXSj5RDNu6j7rBAm_mITxRdDSSN5e4vEzd4R052eG-kxGO7Iy-ZRkNz7uZU3LupUOgfFco70aockOkJx1d8Q9CyE9NRP5jn9Rmr3tjRIncJOsNVS14MF1cQWCRCfW1iRmIVMmhkjA7WAIH3JxEnhOYl3w1NuAn7ilCW9qAR2SJOPBIOGIAOIQLK657a0ItVlpjVans8giHTY5xXJcQNjr6s7OVFf7VSFXV_JBEOiMOTb7Hz9Tm87XUu3dX0r3_9xnY46yDF_3fCwImWZlC6NfgsRcFOG7VWIEpY0f06yKPmtjcwMzFmuw66_ZBno51UVm5xCZ6k64J0lIqCyAICoXGyZEy4O-uMP-i5MC-blZHxbcY1-E8IzvE3UAJUGG7ksqCLEwng93i2SP0JBmf0GshqyOK3PBFOkZSHlWVzqGZUgAA&state=6abebbf3-7a7f-43a2-abd2-8d26d6fa0381&session_state=068e406f-c3e4-4817-aa2b-0daee51d3cb2 HTTP/1.1" 500 1596 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36" :[02/Nov/2021:18:16:04 +0000] "GET /static/netbox-light.css HTTP/1.1" 200 493227 
"https://netbox.net.usw2.omitted.io/plugins/azuread/complete/?code=0.ATgALe61Yi4DaEiPwnXM5G4e4DzePhUvAgpJnybRGDD-4Uo4ANM.AQABAAIAAAD--DLA3VO7QrddgJg7WevrUoNbsZpsc3Pjly9SCKYydGryJrgO8jtuHnR337K5nuqGP_99rsB8X1LjTq8lKpjMrJjRMctidaIU4YzGiyZ-wVqbUPKJH9MNmLQZwILpw4xJmk7DxJ5XGXgYkNlmDVYZOQ02BS5HDdlT1GW1oqm4vAfxj0joUzhRcEH5m7wQ2NR-NLE6yR8EPcrtTFxZX2H8L1w7RURfICkSjK-qHSUWWAspF6UaCdN1w9ft2c2_GZuEHPcmIJdTfY-zFb4QkO_t4QJTbCVdnLXn2oJ1_J1ZxS5sTXbw40I1C_c24tCNO5laxuxFvtWtxUvae5RXait6YXSj5RDNu6j7rBAm_mITxRdDSSN5e4vEzd4R052eG-kxGO7Iy-ZRkNz7uZU3LupUOgfFco70aockOkJx1d8Q9CyE9NRP5jn9Rmr3tjRIncJOsNVS14MF1cQWCRCfW1iRmIVMmhkjA7WAIH3JxEnhOYl3w1NuAn7ilCW9qAR2SJOPBIOGIAOIQLK657a0ItVlpjVans8giHTY5xXJcQNjr6s7OVFf7VSFXV_JBEOiMOTb7Hz9Tm87XUu3dX0r3_9xnY46yDF_3fCwImWZlC6NfgsRcFOG7VWIEpY0f06yKPmtjcwMzFmuw66_ZBno51UVm5xCZ6k64J0lIqCyAICoXGyZEy4O-uMP-i5MC-blZHxbcY1-E8IzvE3UAJUGG7ksqCLEwng93i2SP0JBmf0GshqyOK3PBFOkZSHlWVzqGZUgAA&state=6abebbf3-7a7f-43a2-abd2-8d26d6fa0381&session_state=068e406f-c3e4-4817-aa2b-0daee51d3cb2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36"
Regarding claims mapping, where can we see it in Azure AD? I tried to find anything specific, but I'm not sure if I'm looking at the right thing as I'm not too familiar with it.
Hey there,
Yeah, it likely would as it checks `claims` for a `preferred_username` and then uses the Microsoft Graph to fetch your profile. I haven't really dug into the concept of claims too much and I don't actually work for my previous employer anymore who used Netbox :')
What I'm thinking I can do though is if I add proper debug values, including logging out the responses and claims, you should then be able to see what is being passed through. While I think of it, it could be cool to add an extra flag to redact credentials for when you provide a bug report.
Anyway, I can try to push that change out later tonight since it'll help others with issues but at the moment, I don't have a specific idea without sitting down and pulling apart the codebase (I haven't poked around in it for a while!)
How does that sound? I hope this isn't blocking any work for you (not that this plugin offers any guarantees 😉 )
From a cursory look at https://docs.microsoft.com/en-us/azure/active-directory/develop/id-tokens#payload-claims, the `profile` scope is required to receive the `preferred_username` so that could be something to ask your Azure team about as well?
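The redaction idea mentioned above, sketched as an added example (not the plugin's code and not written by anyone in this thread): it masks the OAuth redirect parameters that end up in nginx access logs, in both the request line and the Referer field, before a log excerpt is shared. The parameter list, function names and sample lines are assumptions constructed for illustration.

```python
import re

# Query parameters that carry secrets or session-bound values in an
# OAuth/OIDC redirect (assumed list; extend it for your own deployment).
SENSITIVE_PARAMS = ("code", "state", "session_state",
                    "id_token", "access_token", "client_secret")

# Match "?key=value" or "&key=value"; the value ends at the next "&",
# whitespace, double quote or "#", so the rest of the log line survives.
PARAM_RE = re.compile(
    r'(?P<sep>[?&])(?P<key>' + "|".join(SENSITIVE_PARAMS) + r')=(?P<val>[^&\s"#]*)'
)


def redact_line(line, marker="REDACTED"):
    """Replace each sensitive value with a marker, keeping the key visible."""
    return PARAM_RE.sub(lambda m: f"{m['sep']}{m['key']}={marker}", line)


def redact_log(text, marker="REDACTED"):
    """Redact a log excerpt; returns (clean_text, number_of_values_replaced)."""
    count = len(PARAM_RE.findall(text))
    clean = "\n".join(redact_line(line, marker) for line in text.splitlines())
    return clean, count


# Constructed sample: a callback request and a static asset whose Referer
# repeats the callback URL. All values are made up.
SAMPLE = (
    ':[02/Nov/2021:18:16:03 +0000] "GET /plugins/azuread/complete/?code=0.CONSTRUCTED-code'
    '&state=1111-constructed&session_state=2222-constructed HTTP/1.1" 500 1596 "-" "Mozilla/5.0"\n'
    ':[02/Nov/2021:18:16:04 +0000] "GET /static/netbox-light.css HTTP/1.1" 200 493227 '
    '"https://netbox.example.test/plugins/azuread/complete/?code=0.CONSTRUCTED-code'
    '&state=1111-constructed" "Mozilla/5.0"'
)

if __name__ == "__main__":
    clean, replaced = redact_log(SAMPLE)
    print(clean)
    print(f"{replaced} values redacted")
```

The status code and path stay readable, so the 500 on the callback is still visible to whoever triages the report.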
By the way, here's my plugin config code, which is nothing unusual.
I just found this on a Stack Overflow page; probably the "id_token_claims" in the line of code you specified returns empty.
Hey @Nino-Rey, I've just released v1.1.1 which adds verbose debug logging to help pinpoint the contents of what you're receiving back from Azure Active Directory.
You can enable it by setting `LOGLEVEL=DEBUG` in your Netbox environment.
I had the same issue and tested different netbox and python versions.
I found that I had set "CLIENT_SECRET" to the secret-id instead of the actual secret that I got from the Azure setup. When I changed to the secret I managed to log in using Azure AD credentials.
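An added example (not the plugin's code, and not from anyone in this thread) of why a rejected token request surfaces as `'NoneType' object has no attribute 'get'`, and how a guard reports the real cause instead. It assumes the token result is a dict shaped like the one MSAL for Python returns; `naive_username`, `checked_username` and the sample responses are hypothetical and constructed.

```python
class AzureADLoginError(Exception):
    """Raised when a token response cannot be turned into a username."""


def naive_username(result):
    # Hypothetical unguarded lookup: a rejected token request has no
    # "id_token_claims" key, so the second .get is called on None.
    return result.get("id_token_claims").get("preferred_username")


def checked_username(result):
    """Return preferred_username or raise an error naming the failing step."""
    if not isinstance(result, dict):
        raise AzureADLoginError("no token response received")
    if "error" in result:
        detail = str(result.get("error_description", "")).splitlines()
        reason = f" ({detail[0]})" if detail else ""
        raise AzureADLoginError(f"token request rejected: {result['error']}{reason}")
    claims = result.get("id_token_claims")
    if not claims:
        raise AzureADLoginError("token response has no id_token_claims")
    username = claims.get("preferred_username")
    if not username:
        raise AzureADLoginError(
            "id token lacks preferred_username; check that the profile scope is granted")
    return username


def describe(result):
    """Turn any token response into a one-line outcome suitable for logging."""
    try:
        return checked_username(result)
    except AzureADLoginError as exc:
        return f"login failed: {exc}"


# Constructed samples: a rejection like the one a wrong client secret
# produces, a token without the profile claims, and a successful response.
REJECTED = {"error": "invalid_client",
            "error_description": "AADSTS7000215: Invalid client secret provided."
                                 "\r\nTrace ID: constructed"}
NO_PROFILE = {"id_token_claims": {"sub": "constructed-subject"}}
ACCEPTED = {"id_token_claims": {"preferred_username": "alice@example.com"}}

if __name__ == "__main__":
    for sample in (REJECTED, NO_PROFILE, ACCEPTED):
        print(describe(sample))
```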
Ah, thanks for reporting back. I'll close this issue now. While I'm not actively using this plugin, I'll make a note in the README. I need to see if I can provide migration instructions to use the official Netbox plugin (if it supports everything this plugin does)
@nirtal Good day, just wondering where/how you got the actual secret from the Azure setup. I can only see the secret ID in the Certificate and Secret section. Thanks in advance for sharing that information.
Hi @marcus-crane,
This is a really cool plugin but I got an error when I set it up using the latest version of Netbox, 3.0.7.
Server Error
There was a problem with your request. Please contact an administrator.
The complete exception is provided below:
<class 'AttributeError'>
'NoneType' object has no attribute 'get'
Python version: 3.8.10
NetBox version: 3.0.7
If further assistance is required, please post to the NetBox discussion forum on GitHub.
I have installed netbox_plugin_azuread-1.1.0
Azure AD logs show I'm successfully able to log in but the page throws up a server error. Unfortunately, I can't paste the captured logs as they contain confidential company information.