0

GOAL: ANY user that has successfully authenticated with SSO (through REMOTE_AUTH) is granted admin (or at least superuser) rights, without needing to create any users or groups beforehand.

I have remote auth working fine (the user is logged in on NetBox successfully) but I am not able to set any automatic permissions. All users only have view access.

The only thing that works is explicitly setting username, such as:

REMOTE_AUTH_SUPERUSERS = ['myuser1', 'myuser2']

which is not an appropriate solution for this goal because the usernames are not known before the user goes through SSO flow.

I've reviewed documentation here: https://netbox.readthedocs.io/en/stable/administration/permissions/

and here: https://netbox.readthedocs.io/en/stable/configuration/optional-settings/#remote_auth_default_permissions

Note the docs for REMOTE_AUTH_DEFAULT_PERMISSIONS states "Each key in the dictionary should be set to a dictionary of the attributes to be applied to the permission, or None to allow all objects." with emphasis on "None to allow all objects."

Neither helps define a basic "give everyone access" type setup.

I've tried just setting REMOTE_AUTH_SUPERUSERS = ['*'] and tried setting REMOTE_AUTH_DEFAULT_PERMISSIONS = { "*": None } and REMOTE_AUTH_DEFAULT_PERMISSIONS = { "status": None } (and MANY other variations, nothing works.

Reference of these applicable config items. (Note that this is not necessarily my current config, as I've tried dozens of variants to get this to work)

REMOTE_AUTH_ENABLED = True
REMOTE_AUTH_BACKEND = 'netbox.authentication.RemoteUserBackend'
REMOTE_AUTH_HEADER = 'HTTP_X_USER_NAME'
REMOTE_AUTH_AUTO_CREATE_USER = True
REMOTE_AUTH_SUPERUSERS = ['*']

# REMOTE_AUTH_DEFAULT_GROUPS = []
# REMOTE_AUTH_SUPERUSER_GROUPS= []
# REMOTE_AUTH_DEFAULT_PERMISSIONS = { }

Rino Bino
  • 350
  • 1
  • 10

0 Answers0