Netbox 3.1.x Azure AD SSO

[mrapw]

Hi all
I've set the Netbox-Docker 3.1.10 but I can't set the SSO to work with Azure AD, has anyone had any luck in getting this working please.

I've not been able to any guides on how to set up and came across the thread below.
netbox-community/netbox#7649

I've set up a new Enterprise App in Azure AD configured for SAML, and have the Application ID etc.

added entries to configuration.py (I've masked entries like the Application ID etc for the purposes of this)

LOGIN_REQUIRED = True

REMOTE_AUTH_ENABLED = True

REMOTE_AUTH_BACKEND = 'social_core.backends.azuread_tenant.AzureADTenantOAuth2'

REMOTE_AUTH_AUTO_CREATE_USER = True

SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_RESOURCE = '(Application ID)'
SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_KEY = '(Application ID)'
SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_SECRET = '(Secret Token)'
SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_TENANT_ID = '(Tenant ID)'

SOCIAL_AUTH_PIPELINE = (
'social_core.pipeline.social_auth.social_details',
'social_core.pipeline.social_auth.social_uid',
'social_core.pipeline.social_auth.auth_allowed',
'social_core.pipeline.social_auth.social_user',
'social_core.pipeline.user.get_username',
'netbox.custom_pipeline.set_username',
'social_core.pipeline.user.create_user',
'social_core.pipeline.social_auth.associate_user',
'social_core.pipeline.social_auth.load_extra_data',
'social_core.pipeline.user.user_details',
'netbox.custom_pipeline.set_role'

When I launch Netbox in the browser I successfully get prompted to use SSO provider which directs me to a Microsoft sign-in page.

Or use an SSO provider:
[azuread-tenant-oauth2]

Upon successful authentication the following is displayed:

ADSTS650057: Invalid resource. The client has requested access to a resource which is not listed in the requested permissions in the client's application registration. Client app ID: (Application ID) (Netbox Test). Resource value from request: (Application ID). Resource app ID: (Application ID). List of valid resources from app registration: .

any ideas please what the issue could be?

TIA

[Dark-DK]

Hi

All I needed to make it work is the following:

LOGIN_REQUIRED = True
REMOTE_AUTH_ENABLED = True
REMOTE_AUTH_BACKEND = 'social_core.backends.azuread_tenant.AzureADTenantOAuth2'
REMOTE_AUTH_AUTO_CREATE_USER = True
SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_RESOURCE = '(Application ID)' <-- I didn't need this one.
SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_KEY = '(Application ID)'
SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_SECRET = '(Secret Token)'
SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_TENANT_ID = '(Tenant ID)' <-- This one might not be needed. Depends on your AAD setup.

You do not need the following just to make Azure AD auth work:

SOCIAL_AUTH_PIPELINE = (
'social_core.pipeline.social_auth.social_details',
'social_core.pipeline.social_auth.social_uid',
'social_core.pipeline.social_auth.auth_allowed',
'social_core.pipeline.social_auth.social_user',
'social_core.pipeline.user.get_username',
'netbox.custom_pipeline.set_username',
'social_core.pipeline.user.create_user',
'social_core.pipeline.social_auth.associate_user',
'social_core.pipeline.social_auth.load_extra_data',
'social_core.pipeline.user.user_details',
'netbox.custom_pipeline.set_role'

The above is what makes it fail. I'm currently struggling to make it work with the above in order to make the auto-created users be named with the UPN instead for their real names.