netbox-plugin-auth-saml2
NoneType object has no attribute 'require_signature'
We've been trying to use this plugin for SSO implementation with netbox-docker. The SSO BANNER_LOGIN button successfully redirects the user first to OKTA and then back to netbox upon successful authentication.
However, netbox throws a 500 Internal Server error:
```json
{"error": "'NoneType' object has no attribute 'require_signature'", "exception": "AttributeError", "netbox_version": "2.11.7", "python_version": "3.8.10"}
```
Looks very similar to this issue: https://github.com/jeremyschulman/netbox-plugin-auth-saml2/issues/24
Some relevant info:
## Relevant Plugins installed on Netbox container:
```
bash-5.1$ /opt/netbox/venv/bin/python3 -m pip freeze | grep saml
django3-auth-saml2==0.2.0
netbox-plugin-auth-saml2==2.3
pysaml2==5.0.0
```
Snippet from env/netbox.env

```
REMOTE_AUTH_ENABLED=True
REMOTE_AUTH_BACKEND=netbox.authentication.RemoteUserBackend
REMOTE_AUTH_AUTO_CREATE_USER=True
```
Note: Ours is a containerized netbox setup similar to this: https://github.com/netbox-community/netbox-docker/blob/release/env/netbox.env
Snippet from configuration.py

```python
PLUGINS_CONFIG = {
    'django3_saml2_nbplugin': {
        # Use the Netbox default remote backend
        'AUTHENTICATION_BACKEND': REMOTE_AUTH_BACKEND,
        # Custom URL to validate incoming SAML requests against
        'ASSERTION_URL': 'https://netbox.mycompany.com/api/plugins/sso/acs/',
        # Populates the Issuer element in authn request, e.g. defined as "Audience URI (SP Entity ID)" in SSO
        'ENTITY_ID': 'https://netbox.mycompany.com/',
        # Metadata is required, choose either remote url or local file path
        #'METADATA_AUTO_CONF_URL': "https://mycompany.okta.com/app/exdfgfhfwDhFM3D81t7/sso/saml/metadata",
        # or local file path
        'METADATA_LOCAL_FILE_PATH': '/opt/netbox/netbox_saml2.xml',
    }
}

BANNER_LOGIN = '<a href="/api/plugins/sso/login" class="btn btn-primary btn-block">Login with SSO</a>'
```
@vnamb - just checking in with you; did you find a solution to this issue?
Hey @jeremyschulman, thanks for checking in. No, we haven't found a solution yet.
Hi @vnamb - OK. I was going through the setup of a new Netbox 2.11.9 system today, and hit a similar issue. The mistake was in my plugin configuration, where I forgot the "https://" in the ASSERTION_URL and ENTITY_ID.
It turns out that all of these values must be exactly the same between the netbox config and the SSO system. If not, the SAML2 decoding process does not process correctly and the resulting error is not all that insightful. A bit of trial and error.
Good luck with your efforts, and please keep me posted if you find a solution.
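One way to check the exact-match requirement from the comment above against a captured `SAMLResponse` form field (an added example, not part of the original thread or the plugin's code). The function names and the `netbox.example.com` sample are hypothetical; it assumes the IdP writes its configured single sign-on URL into `Destination`/`Recipient` and its audience URI into `<saml:Audience>`, and it compares strings only, without validating signatures.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Plugin setting that each response field must equal, character for character.
FIELD_TO_SETTING = {"Destination": "ASSERTION_URL",
                    "Recipient": "ASSERTION_URL",
                    "Audience": "ENTITY_ID"}

# Constructed sample response (unsigned, trimmed to the fields compared here).
SAMPLE_XML = """<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://netbox.example.com/api/plugins/sso/acs/">
  <saml:Assertion>
    <saml:Subject><saml:SubjectConfirmation>
      <saml:SubjectConfirmationData
          Recipient="https://netbox.example.com/api/plugins/sso/acs/"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://netbox.example.com/</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode())

def sp_values_in_response(saml_response_b64):
    """Return the SP identifiers the IdP wrote into a POSTed SAMLResponse."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    confirmations = root.iterfind(".//saml:SubjectConfirmationData", NS)
    audiences = root.iterfind(".//saml:Audience", NS)
    return {
        "Destination": [v for v in [root.get("Destination")] if v],
        "Recipient": [e.get("Recipient") for e in confirmations if e.get("Recipient")],
        "Audience": [(e.text or "").strip() for e in audiences],
    }

def find_mismatches(plugin_cfg, saml_response_b64):
    """List plugin settings that differ from what the IdP actually sent."""
    problems = []
    for field, values in sp_values_in_response(saml_response_b64).items():
        setting = FIELD_TO_SETTING[field]
        want = plugin_cfg.get(setting)
        if values and want not in values:  # exact match; no URL normalisation
            problems.append(f"{setting}={want!r} not among {field} values {values}")
    return problems

if __name__ == "__main__":
    # Reproduces the mistake from the thread: scheme left off both settings.
    cfg = {"ASSERTION_URL": "netbox.example.com/api/plugins/sso/acs/",
           "ENTITY_ID": "netbox.example.com/"}
    print("\n".join(find_mismatches(cfg, SAMPLE_B64)) or "settings match")
```

The `SAMLResponse` value can be copied from the browser's network tab on the POST to the ACS URL.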
@vnamb - Checking in to see if this issue is still active. Please let me know. I will plan to close in +30 days if I have not heard back otherwise. Thank you!