Netbox 4.0 and G-Suite (Google Web Apps) SAML Failure #16194
Comments
Thanks for reporting a problem you've encountered in NetBox. The very nature of this report makes it challenging for a maintainer to reproduce, since it assumes both familiarity with SAML and access to a Google Web Apps organization with adequate permission to configure the required resources on that side. Furthermore, the final paragraph of your issue body leads me to wonder if library version conflicts on your system might be contributing to the problem. If you are aware of any code changes since NetBox 3.7.7 that you suspect could be causing this problem, we're open to investigating them, but please bear in mind that issues are not a channel for end-user support.
This can be closed. Someone was nice enough to update the original netbox saml2 plugin to support 4.0+. I tested it and it works as it did in 3.X.
Deployment Type
Self-hosted
NetBox Version
v4.0.0
Python Version
3.11
Steps to Reproduce
Set REMOTE_AUTH_BACKEND to: social_core.backends.saml.SAMLAuth
Define appropriate SOCIAL_AUTH_SAML_SP_ENTITY_ID and SOCIAL_AUTH_SAML_ENABLED_IDPS dictionary elements (The values referenced are defined variables in the config file).
SOCIAL_AUTH_SAML_ENABLED_IDPS = {
    "google": {
        "entity_id": GOOGLE_ENTITY_ID,
        "url": GOOGLE_SSO_URL,
        "x509cert": GOOGLE_CERTIFICATE,
        "attr_user_permanent_id": "email",
        "attr_first_name": "first_name",
        "attr_last_name": "last_name",
        "attr_username": "email",
        "attr_email": "email",
    }
}
SOCIAL_AUTH_SAML_SP_ENTITY_ID = "https://abc.example.net"
Ensure Google Web Apps section has proper configuration to match. The ACS URL I am using is: https://abc.example.net/complete/saml/
Expected Behavior
When clicking on the saml (google) button upon login, I expect to be logged in with my G-Suite Username once the authentication passes. I am coming from Netbox 3.7.7, and I realize all of the custom SAML plugins no longer work, so I am trying to use the social_core.backends.saml.SAMLAuth backend from the social-auth-core[saml] python library.
Just for reference I used the custom SAML backend with the custom SAML netbox plugin in 3.7.7 and it works with no issues using Google Web Apps.
Observed Behavior
When I click on the saml (google) button I get prompted for my Google login but when authentication passes I get looped right back to the login page. I am not sure I have the right ACS URL in Google Web Apps, however I believed it to be correct based on the saml documentation for social_core.
It is also worth noting that I am unable to use the most recent version of "lxml" as it causes a version conflict with "xmlsec" and "libxml2". I need to manually downgrade lxml to 5.1.1 for version conflict resolution. I found this when I attempted to start the netbox application and it would dump with a version mismatch between lxml, xmlsec and libxml2.
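The attr_* entries in the IdP configuration above name the assertion attributes the backend reads. The following is an added example, not code from this issue, NetBox or social-auth-core: it decodes a base64 SAMLResponse (HTTP-POST binding) and lists the mapped attributes that are absent from it. The sample response is constructed, and the function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# attr_* mapping copied from the "google" entry in the issue's configuration.
IDP_CONF = {
    "attr_user_permanent_id": "email",
    "attr_first_name": "first_name",
    "attr_last_name": "last_name",
    "attr_username": "email",
    "attr_email": "email",
}

# Constructed sample: minimal, unsigned response that omits "last_name".
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>user@example.net</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="first_name"><saml:AttributeValue>Test</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_SAMLRESPONSE = base64.b64encode(SAMPLE_XML.encode()).decode()


def asserted_attributes(saml_response_b64):
    """Return {Name: [values]} for each Attribute in a base64 SAMLResponse."""
    # Inspection only: no signature check, and encrypted assertions are not handled.
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        found.setdefault(attr.get("Name"), []).extend(values)
    return found


def missing_mappings(idp_conf, saml_response_b64):
    """Return {setting: attribute name} for attr_* settings absent or empty in the response."""
    present = asserted_attributes(saml_response_b64)
    return {key: name for key, name in idp_conf.items()
            if key.startswith("attr_") and not any(present.get(name, []))}


if __name__ == "__main__":
    for key, name in missing_mappings(IDP_CONF, SAMPLE_SAMLRESPONSE).items():
        print(f"{key} -> {name!r}: not present in the assertion")
```

Run it against a SAMLResponse value captured from your own browser's POST to the ACS URL, in place of the constructed sample.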