Netbox Azure SSO Group only access #13169
Unanswered
mwalczuk1912 asked this question in Help Wanted!
Replies: 0 comments
Hello,
I recently set up a new instance of Netbox and encountered an issue regarding access and authentication. I have already configured the App Registration and Enterprise App.
My goal is to restrict access to Netbox so that only users in the "lic_Netbox" group can authenticate and access the platform.
Here is the current configuration and the error I am encountering. Please note that I have truncated the authentication key and secret for security purposes, but I have confirmed that they match.
By default, with these settings, I am able to log in to Netbox via Single Sign-On (SSO). However, this is not the desired behavior.
```python
# Remote authentication support
REMOTE_AUTH_ENABLED = True
REMOTE_AUTH_BACKEND = 'social_core.backends.azuread.AzureADOAuth2'
REMOTE_AUTH_HEADER = 'REMOTE_USER'
REMOTE_AUTH_USER_FIRST_NAME = 'user.givenname'
REMOTE_AUTH_USER_LAST_NAME = 'user.surname'
REMOTE_AUTH_USER_EMAIL = 'user.mail'
REMOTE_AUTH_AUTO_CREATE_USER = False
REMOTE_AUTH_DEFAULT_GROUPS = ['lic_Netbox']
REMOTE_AUTH_DEFAULT_PERMISSIONS = {}

# Azure AD SSO settings
SOCIAL_AUTH_AZUREAD_OAUTH2_KEY = 'f2b828cc-b1c7-3d6220dd7471'
SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET = 'UM18Q~Y8tM8Cpm898RbVT'

# Custom pipeline function to restrict access to lic_Netbox group
def restrict_to_lic_Netbox_group(backend, details, response, *args, **kwargs):
    allowed_group = 'lic_Netbox'
    if allowed_group not in details.get('user', {}).get('groups', []):
        return None  # Return None to block authentication for users not in the group
    return response

# Append the custom pipeline function to the SOCIAL_AUTH_PIPELINE
SOCIAL_AUTH_PIPELINE = (
    'social_core.pipeline.social_auth.social_details',
    'social_core.pipeline.social_auth.social_uid',
    'social_core.pipeline.social_auth.auth_allowed',
    'social_core.pipeline.social_auth.social_user',
    'social_core.pipeline.user.get_username',
    'social_core.pipeline.social_auth.associate_by_email',
    'social_core.pipeline.user.create_user',
    'netbox.configuration.restrict_to_lic_Netbox_group',
    'social_core.pipeline.social_auth.associate_user',
    'social_core.pipeline.social_auth.load_extra_data',
    'social_core.pipeline.user.user_details',
)
```
I get the following error
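An added example, not part of the original post and not NetBox or python-social-auth code: a simplified model of the social-auth pipeline loop, showing that a step which returns `None` lets the login continue while a step that raises `AuthForbidden` stops it. It assumes the app registration emits a `groups` claim containing group object IDs and that the claims reach the step as `response`; `ALLOWED_GROUP_ID`, `require_group`, `run_pipeline` and `login_allowed` are hypothetical names, and all sample claims are constructed.

```python
# Added example: models how a social-auth pipeline treats a step's return value.
try:
    from social_core.exceptions import AuthForbidden
except ImportError:
    class AuthForbidden(Exception):
        """Stand-in so the example runs without social-auth-core installed."""

# Constructed placeholder: object ID of the allowed Azure AD group (assumption).
ALLOWED_GROUP_ID = "00000000-0000-0000-0000-00000000aaaa"


def posted_step(backend, details, response, *args, **kwargs):
    """The check as posted: signals a denial by returning None."""
    if "lic_Netbox" not in details.get("user", {}).get("groups", []):
        return None
    return response


def require_group(backend, details, response, *args, **kwargs):
    """Fail closed: abort the login unless the groups claim lists the group."""
    groups = response.get("groups") or []
    if ALLOWED_GROUP_ID not in groups:
        raise AuthForbidden(backend)
    return {}


def run_pipeline(steps, backend, details, response):
    """Simplified pipeline loop: a None or dict result means 'continue'."""
    out = {"details": details, "response": response}
    for step in steps:
        result = step(backend, **out) or {}
        if not isinstance(result, dict):
            return result  # only a non-dict value (e.g. a redirect) ends the run
        out.update(result)
    return out


def login_allowed(steps, claims):
    """True if every step ran without the login being rejected."""
    details = {"username": "constructed.user", "email": "user@example.com"}
    try:
        run_pipeline(steps, "azuread-oauth2", details, claims)
        return True
    except AuthForbidden:
        return False


if __name__ == "__main__":
    outsider = {"groups": ["00000000-0000-0000-0000-00000000bbbb"]}  # constructed
    print("posted step, outsider:", login_allowed([posted_step], outsider))
    print("require_group, outsider:", login_allowed([require_group], outsider))
```

In a real pipeline a step like this belongs before `social_core.pipeline.user.create_user`, so a rejected login does not leave an account behind.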