Sign algorithm for SIGN_KEYS #21

Open
tim-schneider opened this issue Jul 28, 2024 · 0 comments · May be fixed by #22


tim-schneider commented Jul 28, 2024

Thank you for maintaining this project!

I have set up SIGN_KEYS with an ADFS instance. However, it looks like the algorithm used defaults to SHA1. Is it possible to influence this or set it to SHA256?

ADFS log with default settings:

```
MSIS7093: The message is not signed with expected signature algorithm. Message is signed with signature algorithm http://www.w3.org/2000/09/xmldsig#rsa-sha1. Expected signature algorithm http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
```

`saml_configuration.py`:
```python
from os import environ

REMOTE_AUTH_ENABLED = True

REMOTE_AUTH_BACKEND = 'django3_saml2_nbplugin.backends.SAML2CustomAttrUserBackend'
REMOTE_AUTH_AUTO_CREATE_USER = True

PLUGINS = ['django3_saml2_nbplugin']

PLUGINS_CONFIG = {
    'django3_saml2_nbplugin': {

        # Use the Netbox default remote backend
        'AUTHENTICATION_BACKEND': REMOTE_AUTH_BACKEND,

        # Custom URL to validate incoming SAML requests against
        'ASSERTION_URL': environ.get('SAML_ASSERTION_URL', ''),

        # Populates the Issuer element in the authn request, e.g. defined as "Audience URI (SP Entity ID)" in SSO
        'ENTITY_ID': environ.get('SAML_ASSERTION_ENTITY_ID', ''),

        # Metadata is required, choose either remote url
        'METADATA_AUTO_CONF_URL': environ.get('SAML_IDP_METADATA', ''),

        # Certificate and private key used to sign outgoing SAML requests
        'SIGN_KEYS': ('/etc/netbox/saml/saml_cert.crt', '/etc/netbox/saml/saml_cert.key'),

        # Settings for SAML2CustomAttrUserBackend. Optional.
        'CUSTOM_ATTR_BACKEND': {
            # See the note below about SAML attributes

            # Attribute containing the username. Optional.
            'USERNAME_ATTR': 'username',
            # Attribute containing the user's email. Optional.
            'MAIL_ATTR': 'emailAddress',
            # Attribute containing the user's first name. Optional.
            'FIRST_NAME_ATTR': 'givenName',
            # Attribute containing the user's last name. Optional.
            'LAST_NAME_ATTR': 'surname',
            # Set to True to always update the user on logon
            # from SAML attributes on logon. Defaults to False.
            'ALWAYS_UPDATE_USER': True,
            # Attribute that contains groups. Optional.
            'GROUP_ATTR': 'group',
            # Dict of user flags to groups.
            # If the user is in the group then the flag will be set to True. Optional.
            'FLAGS_BY_GROUP': {
                'is_staff': environ.get('SAML_GROUP_STAFF', ''),
                'is_superuser':  environ.get('SAML_GROUP_SUPERUSER', '')
            },
            # Dict of SAML groups to NetBox groups. Optional.
            # Groups must be created beforehand in NetBox.
            'GROUP_MAPPINGS': {
                environ.get('SAML_GROUP_READONLY', ''): 'netbox_global_readonly',
                environ.get('SAML_GROUP_EDITOR', ''): 'netbox_global_editor'
            }
        }
    }
}
```
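An added example, not part of this issue or of the plugin's code: a stdlib-only checker that reports which signature and digest algorithm URIs a SAML message actually carries, so the SHA-1/SHA-256 mismatch ADFS logs as MSIS7093 above can be spotted on the SP side (for instance in a test or a log-forwarding hook) before the IdP rejects the login. It handles both the POST binding, where the algorithm sits in the XML `ds:SignatureMethod`, and the HTTP-Redirect binding, where it travels in the `SigAlg` query parameter instead. The `AuthnRequest` skeleton, its issuer URL and the signature and digest values are constructed placeholders; the only real values are the XML-DSig namespace and the algorithm URIs, two of which are quoted in the ADFS error.

```python
"""Report the signature and digest algorithm URIs a SAML message carries.

Stdlib only; added example for this issue, not code from django3_saml2_nbplugin.
"""
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlparse

DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Signature algorithm URIs quoted in the ADFS MSIS7093 message above.
SIG_RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
SIG_RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
# Matching digest algorithm URIs (standard XML-DSig / XML-Enc values).
DIGEST_SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"
DIGEST_SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"

# Policy mirroring what the IdP in this report expects: SHA-256 only, SHA-1 rejected.
ACCEPTED_SIGNATURE_ALGS = {SIG_RSA_SHA256}
ACCEPTED_DIGEST_ALGS = {DIGEST_SHA256}


def extract_algorithms(xml_text):
    """Return the SignatureMethod and DigestMethod URIs found in a signed SAML document."""
    root = ET.fromstring(xml_text)
    sig_method = root.find(f".//{{{DS_NS}}}SignatureMethod")
    digests = root.findall(f".//{{{DS_NS}}}DigestMethod")
    return {
        "signature": None if sig_method is None else sig_method.get("Algorithm"),
        "digests": [d.get("Algorithm") for d in digests],
    }


def check_message(xml_text):
    """List policy violations for a POST-binding message (signature embedded in the XML)."""
    algs = extract_algorithms(xml_text)
    problems = []
    if algs["signature"] is None:
        problems.append("message is not signed")
    elif algs["signature"] not in ACCEPTED_SIGNATURE_ALGS:
        problems.append(f"signature algorithm {algs['signature']} not accepted")
    for d in algs["digests"]:
        if d not in ACCEPTED_DIGEST_ALGS:
            problems.append(f"digest algorithm {d} not accepted")
    return problems


def redirect_binding_sig_alg(url):
    """HTTP-Redirect binding: the algorithm is not in the XML but in the SigAlg query parameter."""
    return parse_qs(urlparse(url).query).get("SigAlg", [None])[0]


def sample_authn_request(sig_alg, digest_alg):
    """Constructed AuthnRequest skeleton; issuer, signature and digest values are placeholders."""
    return f"""<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0">
  <saml:Issuer>https://netbox.example/saml/metadata/</saml:Issuer>
  <ds:Signature xmlns:ds="{DS_NS}">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="{sig_alg}"/>
      <ds:Reference URI="#_constructed">
        <ds:DigestMethod Algorithm="{digest_alg}"/>
        <ds:DigestValue>PLACEHOLDER</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
  </ds:Signature>
</samlp:AuthnRequest>"""


if __name__ == "__main__":
    # A SHA-1-signed request (the default behaviour reported above) versus what ADFS expects.
    for label, req in (("sha1", sample_authn_request(SIG_RSA_SHA1, DIGEST_SHA1)),
                       ("sha256", sample_authn_request(SIG_RSA_SHA256, DIGEST_SHA256))):
        print(label, check_message(req) or "ok")
```

The checker only inspects algorithm identifiers; it does not verify the signature itself, which is the IdP's job. Its value is in catching a weak or unexpected algorithm at the SP before ADFS does, and in confirming, once the plugin is reconfigured, that outgoing requests really carry `rsa-sha256`.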
@tim-schneider tim-schneider linked a pull request Jul 31, 2024 that will close this issue