Skip to main content

Netbox plugin for SAML2 auth

Project description

Netbox Plugin for SSO using SAML2

Netbox 2.8 provides enhancements to support remote user authentication uses specific variables defined in the configuration.py file, as described here:

https://netbox.readthedocs.io/en/stable/configuration/optional-settings/

This repository provides a Netbox plugin that can be used to integrate with a SAML SSO system, such as Okta.

NOTE: This approach uses a reverse-proxy URL rewrite so that the standard Netbox Login will redirect the User to the SSO system. Please refer to the example nginx.conf file.

System Requirements

You will need to install the django3-auth-saml2 into your Netbox environment.

Netbox Configuration

In the configuration.py you will need to enable and configure these REMOTE_AUTH_xxx options at a minimum:

REMOTE_AUTH_ENABLED = True
REMOTE_AUTH_BACKEND = 'utilities.auth_backends.RemoteUserBackend'
REMOTE_AUTH_AUTO_CREATE_USER = True

You can also create the other options REMOTE_AUTH_DEFAULT_GROUPS and REMOTE_AUTH_DEFAULT_PERMISSIONS as described in the online docs.

Next you will need to configure this plugin, provding your specific configuraiton values as described in django3-okta-saml2 repo, for example:

PLUGINS = ['django3_saml2_nbplugin']

PLUGINS_CONFIG = {
    'django3_saml2_nbplugin': {

        # Use the Netbox default remote backend
        'AUTHENTICATION_BACKEND': REMOTE_AUTH_BACKEND,

        # Metadata is required, choose either remote url or local file path
        'METADATA_AUTO_CONF_URL': "https://mycorp.okta.com/app/sadjfalkdsflkads/sso/saml/metadata"
    }
}

New Plugin URLs

This plugin will provide two new URLs to Netbox:

/plugins/sso/login/
This URLs redirects the User login to the SSO system (Okta) for authentication. This is the URL that needs to be used in the reverse-proxy redirect, for examlple see nginx.conf.

/plugins/sso/acs/
This URLs should be configured into your SSO system as the route to use to single-sign-on the User into Netbox after the User has authenticated with the SSO system.

Customizing on Create New User Configuration

If you want to customize the way a User is created, beyond what is provided by the Netbox REMOTE_AUTH variables, you can create a custom RemoteBackend class. See the samples in backends.py.

Using A Reverse Proxy Redirect

The use of this plugin requires a reverse-proxy URL redirect to override the default Netbox /login/ URL. There are two notes in this process:

  1. You MAY need to disable port in redirect depending on your Netbox installation. If your Netbox server URL does not include a port, then you must disable port redirect. For example see nginx.conf.
  2. You MUST add the ULR rewrite for the /login/ URL to use /plugins/sso/login/, for example nginx.conf.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for netbox-plugin-auth-saml2, version 0.2
Filename, size File type Python version Upload date Hashes
Filename, size netbox_plugin_auth_saml2-0.2-py3-none-any.whl (5.1 kB) File type Wheel Python version py3 Upload date Hashes View
Filename, size netbox-plugin-auth-saml2-0.2.tar.gz (4.1 kB) File type Source Python version None Upload date Hashes View

Supported by

Pingdom Pingdom Monitoring Google Google Object Storage and Download Analytics Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page