{"id":47798725,"url":"https://github.com/jeremyschulman/netbox-plugin-auth-saml2","last_synced_at":"2026-04-03T16:46:44.013Z","repository":{"id":45483609,"uuid":"266182368","full_name":"jeremyschulman/netbox-plugin-auth-saml2","owner":"jeremyschulman","description":"Netbox plugin for SSO using SAML2","archived":false,"fork":false,"pushed_at":"2024-06-11T18:11:56.000Z","size":34,"stargazers_count":144,"open_issues_count":28,"forks_count":26,"subscribers_count":12,"default_branch":"main","last_synced_at":"2026-02-05T10:58:26.265Z","etag":null,"topics":["netbox-plugin"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jeremyschulman.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE-2.0.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-05-22T18:37:41.000Z","updated_at":"2025-12-13T07:54:30.000Z","dependencies_parsed_at":"2024-05-22T12:29:03.029Z","dependency_job_id":"ec04435c-cd11-4b87-a592-f6800cc8179c","html_url":"https://github.com/jeremyschulman/netbox-plugin-auth-saml2","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/jeremyschulman/netbox-plugin-auth-saml2","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeremyschulman%2Fnetbox-plugin-auth-saml2","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeremyschulman%2Fnetbox-plugin-auth-saml2/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeremyschulman%2Fnetbox-plugin-auth-saml2/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeremyschulman%2Fnetbox-plugin-auth-saml2/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jeremyschulman","download_url":"https://codeload.github.com/jeremyschulman/netbox-plugin-auth-saml2/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeremyschulman%2Fnetbox-plugin-auth-saml2/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31364553,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-03T15:19:21.178Z","status":"ssl_error","status_checked_at":"2026-04-03T15:19:20.670Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["netbox-plugin"],"created_at":"2026-04-03T16:46:43.274Z","updated_at":"2026-04-03T16:46:44.001Z","avatar_url":"https://github.com/jeremyschulman.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Netbox Plugin for SSO using SAML2\n\nNetbox 2.8 provides enhancements to support remote user authentication uses specific\nvariables defined in the configuration.py file, as described here:\n\nhttps://netbox.readthedocs.io/en/stable/configuration/optional-settings/\n\nThis repository provides a Netbox plugin that can be used to integrate with a SAML SSO system,\nsuch as Okta.\n\n*NOTE: This approach uses a reverse-proxy URL rewrite so that the standard Netbox Login will redirect\nthe User to the SSO system. Please refer to the example [nginx.conf](nginx.conf) file.*\n\n*NOTE: Netbox plugin for SSO, v2.0+, supports Netbox 2.8, 2.9, 2.10, 2.11, 3.0.\n\n*NOTE: Netbox plugin for SSO, v3.0+, supports Netbox 4.0.\n\n## System Requirements\n\nYou will need to install the [django3-auth-saml2](https://github.com/jeremyschulman/django3-auth-saml2)\ninto your Netbox environment.\n\n## Netbox Configuration\n\nIn the `configuration.py` you will need to enable and configure these\n`REMOTE_AUTH_xxx` options at a minimum:\n\n```python\nREMOTE_AUTH_ENABLED = True\nREMOTE_AUTH_BACKEND = 'utilities.auth_backends.RemoteUserBackend'\n# For v2.8+:\n# REMOTE_AUTH_BACKEND = 'netbox.authentication.RemoteUserBackend'\n# For backends included with this plugin:\n# REMOTE_AUTH_BACKEND = 'django3_saml2_nbplugin.backends.\u003cBackend\u003e'\nREMOTE_AUTH_AUTO_CREATE_USER = True\n````\n\nYou can also create the other options **REMOTE_AUTH_DEFAULT_GROUPS** and\n**REMOTE_AUTH_DEFAULT_PERMISSIONS** as described in the online docs.\n\nNext you will need to configure this plugin, provding your specific\nconfiguraiton values as described in\n[django3-okta-saml2](https://github.com/jeremyschulman/django3-okta-saml2)\nrepo, for example:\n\n```python\nPLUGINS = ['django3_saml2_nbplugin']\n\nPLUGINS_CONFIG = {\n 'django3_saml2_nbplugin': {\n\n # Use the Netbox default remote backend\n 'AUTHENTICATION_BACKEND': REMOTE_AUTH_BACKEND,\n\n # Custom URL to validate incoming SAML requests against\n 'ASSERTION_URL': 'https://netbox.company.com',\n\n # Populates the Issuer element in authn reques e.g defined as \"Audience URI (SP Entity ID)\" in SSO\n 'ENTITY_ID': 'https://netbox.conpany.com/',\n\n # Metadata is required, choose either remote url\n 'METADATA_AUTO_CONF_URL': \"https://mycorp.okta.com/app/sadjfalkdsflkads/sso/saml/metadata\",\n # or local file path\n 'METADATA_LOCAL_FILE_PATH': '/opt/netbox/saml2.xml',\n\n # Settings for SAML2CustomAttrUserBackend. Optional.\n 'CUSTOM_ATTR_BACKEND': {\n # See the note below about SAML attributes\n\n # Attribute containing the username. Optional.\n 'USERNAME_ATTR': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',\n # Attribute containing the user's email. Optional.\n 'MAIL_ATTR': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',\n # Attribute containing the user's first name. Optional.\n 'FIRST_NAME_ATTR': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname',\n # Attribute containing the user's last name. Optional.\n 'LAST_NAME_ATTR': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname',\n # Set to True to always update the user on logon\n # from SAML attributes on logon. Defaults to False.\n 'ALWAYS_UPDATE_USER': False,\n # Attribute that contains groups. Optional.\n 'GROUP_ATTR': 'http://schemas.microsoft.com/ws/2008/06/identity/claims/groups',\n # Dict of user flags to groups.\n # If the user is in the group then the flag will be set to True. Optional.\n 'FLAGS_BY_GROUP': {\n 'is_staff': 'saml-group1',\n 'is_superuser': 'saml-group2'\n },\n # Dict of SAML groups to NetBox groups. Optional.\n # Groups must be created beforehand in NetBox.\n 'GROUP_MAPPINGS': {\n 'saml-group3': 'netbox-group'\n }\n }\n }\n}\n```\n\nPlease note that `METADATA_AUTO_CONF_URL` and `METADATA_LOCAL_FILE_PATH` are\nmutually exclusive. Don't use both settings at the same time.\n\n## Attributes\n\nNewer versions of `pysaml2` uses an attribute map.\nFor example, instead of `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress` in the configuration above, `emailAddress` should be used instead.\n\nSee [here](https://github.com/IdentityPython/pysaml2/tree/master/src/saml2/attributemaps) for details.\n\n\n\n# New Plugin URLs\nThis plugin will provide two new URLs to Netbox:\n\n`/api/plugins/sso/login/`\u003cbr/\u003e\nThis URLs redirects the User login to the SSO system (Okta) for authentication. This is the URL that needs\nto be used in the reverse-proxy redirect, for examlple see [nginx.conf](nginx.conf#L35).\n\u003cbr/\u003e\u003cbr/\u003e\n`/api/plugins/sso/acs/`\u003cbr/\u003e\nThis URLs should be configured into your SSO system as the route to use to single-sign-on/redirection URL the User into Netbox\nafter the User has authenticated with the SSO system.\n\n# Customizing on Create New User Configuration\nIf you want to customize the way a User is created, beyond what is provided by the\nNetbox REMOTE_AUTH variables, you can create a custom RemoteBackend class. See\nthe samples in [backends.py](django3_saml2_nbplugin/backends.py).\n\n# Using A Reverse Proxy Redirect\nThe use of this plugin requires a reverse-proxy URL redirect to override the default Netbox `/login/` URL. There\nare two notes in this process:\n\n 1. You MAY need to disable port in redirect depending on your Netbox installation. If your Netbox server URL\n does _not_ include a port, then you _must_ disable port redirect. For example see [nginx.conf](nginx.conf#L19).\n 1. You MUST add the ULR rewrite for the `/login/` URL to use `/plugins/sso/login/`, for example [nginx.conf](nginx.conf#L35).\n\n# Adding a SSO Login Button\n\nInstead of using a reverse proxy redirect, you can add a SSO login button above\nthe NetBox login form. This has the added benefit of allowing both local\nand SAML login options.\n\nAdd the following to your configuration.py:\n```python\nBANNER_LOGIN = '\u003ca href=\"/api/plugins/sso/login\" class=\"btn btn-primary btn-block\"\u003eLogin with SSO\u003c/a\u003e'\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjeremyschulman%2Fnetbox-plugin-auth-saml2","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjeremyschulman%2Fnetbox-plugin-auth-saml2","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjeremyschulman%2Fnetbox-plugin-auth-saml2/lists"}