This is an example setup with NetBox using AzureAD for authentication. It uses the Python Social Auth library.
Most of this was taken from this gist: https://gist.github.com/leoluk/16d91ec22d833945c7ac7ed2b3b05a27
This is written to support NetBox v2.10 to v3.0. I'll try to note differences for 2.9 or earlier.
NOTE: NetBox v3.1 added basic support for using social_auth, so most of this is no longer required and can be placed in the configuration.py file.
You will need an AzureAD App Registration (Service Principal) created for NetBox, with a client secret created for it. You'll need the Client ID and Tenant ID as well.
Within the App Registration, create app roles that will be used to assign users to specific groups. The app role value must be the same as the NetBox group name. See the Microsoft docs on app roles. This step can be skipped if you remove the references to the set_role method in custom_pipeline.py.
The set_username method in custom_pipeline.py will set the user's UPN attribute as the NetBox username. Set this to any attribute you want.
Place the local_requirements.txt file in the NetBox root directory (/opt/netbox by default). See the NetBox docs. Install the Python package in the requirements file.
To overwrite the default settings.py and keep upgrades easier, move/rename the default settings.py to upstream_settings.py.
Enter your AzureAD information in the settings.py file.
The configuration.py provided here is just what is needed to set up this authentication. Merge it with your own configuration.py.
Copy each file to the $INSTALL_ROOT/netbox/netbox/ directory:
- custom_middleware.py
- custom_urls.py
- custom_pipeline.py
- settings.py
systemctl restart netbox netbox-rq
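The claims that the set_username and set_role steps described above work from, as an added example that is not the gist's custom_pipeline.py: it decodes a constructed ID token to show the upn and roles claims, then derives the username and the group changes. The sample token, the group names and all helper names are assumptions made for illustration, and the decoding is for inspection only since it does not verify the signature.

```python
import base64
import json

def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def username_from(claims, attribute="upn"):
    """Return the claim used as the NetBox username; fail closed if it is absent."""
    value = claims.get(attribute)
    if not isinstance(value, str) or not value.strip():
        raise ValueError(f"ID token has no usable {attribute!r} claim")
    return value.strip()

def groups_to_sync(claims, known_groups, current_groups):
    """Return (add, remove) group names, treating the roles claim as authoritative.

    Roles without a matching NetBox group are ignored rather than created,
    and a token with no roles claim removes every current membership.
    """
    roles = claims.get("roles") or []
    if isinstance(roles, str):  # tolerate a single role sent as a bare string
        roles = [roles]
    wanted = set(roles) & set(known_groups)
    current = set(current_groups)
    return sorted(wanted - current), sorted(current - wanted)

def _b64(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample: placeholder tenant, user and signature, not real AzureAD output.
SAMPLE_CLAIMS = {
    "tid": "00000000-0000-0000-0000-000000000000",
    "upn": "alice@example.com",
    "roles": ["netbox-admins", "unmapped-role"],
}
SAMPLE_TOKEN = ".".join(
    [_b64({"alg": "RS256", "typ": "JWT"}), _b64(SAMPLE_CLAIMS), "constructed-sig"]
)

if __name__ == "__main__":
    claims = jwt_claims(SAMPLE_TOKEN)
    print(json.dumps(claims, indent=2))
    print(username_from(claims))
    print(groups_to_sync(claims, {"netbox-admins", "netbox-readonly"}, ["netbox-readonly"]))
```

Removing memberships that the roles claim no longer lists is this example's choice: it means revoking an app role in AzureAD takes effect in NetBox at the user's next login.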
@nahun
Thanks for the reply.
Yes, I do have the REMOTE_AUTH_BACKEND set. The only thing missing now is the custom pipeline to parse the data.
What I do not know right now is:
How did you know the data structure of the response data, so it can be parsed and pass the data to netbox properly? Up to this point I've only been using postman and the request library to see how the data is structured. If I know how to check this part with AzureAD, then I can probably create my own pipeline.
Any input that would point me in the right direction would be very helpful.