starred/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2026-01-11 21:10:29 +01:00
Code Issues 273 Packages Projects Releases 10 Wiki Activity

Keycloak SSO #8379

New Issue
Closed
opened 2025-12-29 20:35:59 +01:00 by adam · 9 comments
adam commented 2025-12-29 20:35:59 +01:00
Owner
Copy Link

Originally created by @grethler on GitHub (Jul 28, 2023).

NetBox version

v3.5.6

Python version

3.10

Steps to Reproduce

Follow this tutorial: https://python-social-auth.readthedocs.io/en/latest/backends/keycloak.html and add those to the configuration.py.
Then on the login screen klick "keycloak"
image

Expected Behavior

Login

Observed Behavior

URI:
https://<tenant>/oauth/login/keycloak/None?client_id=None&redirect_uri=https://<tenant>/oauth/complete/keycloak/&state=<state>&response_type=code
PAGE NOT FOUND:
/oauth/login/keycloak/None
The requested page does not exist.

Originally created by @grethler on GitHub (Jul 28, 2023). ### NetBox version v3.5.6 ### Python version 3.10 ### Steps to Reproduce Follow this tutorial: https://python-social-auth.readthedocs.io/en/latest/backends/keycloak.html and add those to the configuration.py. Then on the login screen klick "keycloak" ![image](https://github.com/netbox-community/netbox/assets/94571573/006166f1-983c-466e-bab7-fcf33c7c8c28) ### Expected Behavior Login ### Observed Behavior URI: `https://<tenant>/oauth/login/keycloak/None?client_id=None&redirect_uri=https://<tenant>/oauth/complete/keycloak/&state=<state>&response_type=code ` PAGE NOT FOUND: /oauth/login/keycloak/None The requested page does not exist.
adam added the type: bugstatus: revisions needed labels 2025-12-29 20:35:59 +01:00
adam closed this issue 2025-12-29 20:35:59 +01:00
adam commented 2025-12-29 20:35:59 +01:00
Author
Owner
Copy Link

@jeremystretch commented on GitHub (Jul 28, 2023):

Thank you for opening a bug report. Unfortunately, the information you have provided is not sufficient for someone else to attempt to reproduce the reported behavior. Remember, each bug report must include detailed steps that someone else can follow on a clean, empty NetBox installation to reproduce the exact problem you're experiencing. These instructions should include the creation of any involved objects, any configuration changes, and complete accounting of the actions being taken. Also be sure that your report does not reference data on the public NetBox demo, as that is subject to change at any time by an outside party and cannot be relied upon for bug reports.

@jeremystretch commented on GitHub (Jul 28, 2023): Thank you for opening a bug report. Unfortunately, the information you have provided is not sufficient for someone else to attempt to reproduce the reported behavior. Remember, each bug report must include detailed steps that someone else can follow on a clean, empty NetBox installation to reproduce the exact problem you're experiencing. These instructions should include the creation of any involved objects, any configuration changes, and complete accounting of the actions being taken. Also be sure that your report does not reference data on the public NetBox demo, as that is subject to change at any time by an outside party and cannot be relied upon for bug reports.
adam commented 2025-12-29 20:36:00 +01:00
Author
Owner
Copy Link

@abdurrm commented on GitHub (Jul 30, 2023):

i use latest release, and keycloak working fine.

check your config, maybe you need add this to your env
REMOTE_AUTH_ENABLED=true
REMOTE_AUTH_GROUP_SYNC_ENABLED=true
REMOTE_AUTH_SUPERUSERS=["your", "admin", "users"]
REMOTE_AUTH_STAFF_USERS=["yourstaff"]
REMOTE_AUTH_BACKEND=social_core.backends.keycloak.KeycloakOAuth2
REMOTE_AUTH_AUTO_CREATE_USER=true

@abdurrm commented on GitHub (Jul 30, 2023): i use latest release, and keycloak working fine. check your config, maybe you need add this to your env **REMOTE_AUTH_ENABLED=true** REMOTE_AUTH_GROUP_SYNC_ENABLED=true REMOTE_AUTH_SUPERUSERS=["your", "admin", "users"] REMOTE_AUTH_STAFF_USERS=["yourstaff"] **REMOTE_AUTH_BACKEND=social_core.backends.keycloak.KeycloakOAuth2** REMOTE_AUTH_AUTO_CREATE_USER=true
adam commented 2025-12-29 20:36:00 +01:00
Author
Owner
Copy Link

@grethler commented on GitHub (Jul 31, 2023):

@abdurrm These are the configs I have:
REMOTE_AUTH_ENABLED=True
REMOTE_AUTH_BACKEND="social_core.backends.keycloak.KeycloakOAuth2"
SOCIAL_AUTH_KEYCLOAK_KEY="key"
SOCIAL_AUTH_KEYCLOAK_SECRET="secret"
SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY="pub_key"
SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL="url"
SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL="url"
SOCIAL_AUTH_KEYCLOAK_ID_KEY="email"

@grethler commented on GitHub (Jul 31, 2023): @abdurrm These are the configs I have: REMOTE_AUTH_ENABLED=True REMOTE_AUTH_BACKEND="social_core.backends.keycloak.KeycloakOAuth2" SOCIAL_AUTH_KEYCLOAK_KEY="key" SOCIAL_AUTH_KEYCLOAK_SECRET="secret" SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY="pub_key" SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL="url" SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL="url" SOCIAL_AUTH_KEYCLOAK_ID_KEY="email"
adam commented 2025-12-29 20:36:00 +01:00
Author
Owner
Copy Link

@deto1986 commented on GitHub (Aug 4, 2023):

I'm sadly facing the same problem, I using netbox-docker as it comes from the repository.

Python version: 3.10.6
NetBox version: 3.4.6

REMOTE_AUTH_ENABLED=True
REMOTE_AUTH_AUTO_CREATE_USER=True
REMOTE_AUTH_BACKEND=social_core.backends.keycloak.KeycloakOAuth2
SOCIAL_AUTH_KEYCLOAK_KEY=<client_id in keycloak>
SOCIAL_AUTH_KEYCLOAK_SECRET=<client_secret in keycloak>
SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY=<public_rs256_key of keycloak realm>
SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL=
SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL=

I also ending up in a PAGE NOT FOUND error as already mentioned.

@deto1986 commented on GitHub (Aug 4, 2023): I'm sadly facing the same problem, I using netbox-docker as it comes from the repository. Python version: 3.10.6 NetBox version: 3.4.6 REMOTE_AUTH_ENABLED=True REMOTE_AUTH_AUTO_CREATE_USER=True REMOTE_AUTH_BACKEND=social_core.backends.keycloak.KeycloakOAuth2 SOCIAL_AUTH_KEYCLOAK_KEY=<client_id in keycloak> SOCIAL_AUTH_KEYCLOAK_SECRET=<client_secret in keycloak> SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY=<public_rs256_key of keycloak realm> SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL=<auth url> SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL=<token url> I also ending up in a PAGE NOT FOUND error as already mentioned.
adam commented 2025-12-29 20:36:00 +01:00
Author
Owner
Copy Link

@grethler commented on GitHub (Aug 4, 2023):

I am using netbox-docker aswell.

@grethler commented on GitHub (Aug 4, 2023): I am using netbox-docker aswell.
adam commented 2025-12-29 20:36:00 +01:00
Author
Owner
Copy Link

@deto1986 commented on GitHub (Aug 4, 2023):

@grethler I have a fix, set these parameters in not in the .env file, instead you have set these parameters directly in the configuration/configuration.py file as python variables. I think the documentation is kinda misleading here but more or less the documentations tells us that we have to use the configuration.py and not environment variables.

I now can login with keycloak but after that my new created user have no authority to do something. I have not seen that I can use claims from the OpenID Connect provider to make this work. The python-social-auth documentation is a bit hard to read :(

@deto1986 commented on GitHub (Aug 4, 2023): @grethler I have a fix, set these parameters in not in the .env file, instead you have set these parameters directly in the configuration/configuration.py file as python variables. I think the documentation is kinda misleading here but more or less the documentations tells us that we have to use the configuration.py and not environment variables. I now can login with keycloak but after that my new created user have no authority to do something. I have not seen that I can use claims from the OpenID Connect provider to make this work. The python-social-auth documentation is a bit hard to read :(
adam commented 2025-12-29 20:36:01 +01:00
Author
Owner
Copy Link

@abdurrm commented on GitHub (Aug 5, 2023):

Yes, me too. I login as admin (local), then manually set the keycloak users
to superuser.

On Fri, 4 Aug 2023, 22:53 Patrick Oettinger, @.***>
wrote:

@grethler https://github.com/grethler I have a fix, set these
parameters in not in the .env file, instead you have set these parameters
directly in the configuration/configuration.py file as python variables. I
think the documentation is kinda misleading here but more or less the
documentations tells us that we have to use the configuration.py and not
environment variables.

I now can login with keycloak but after that my new created user have no
authority to do something. I have not seen that I can use claims from the
OpenID Connect provider to make this work. The python-social-auth
documentation is a bit hard to read :(


Reply to this email directly, view it on GitHub
https://github.com/netbox-community/netbox/issues/13289#issuecomment-1665839030,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AC2UKTV7KGXWH33E4LCKC6DXTULGLANCNFSM6AAAAAA23ELHYE
.
You are receiving this because you were mentioned.Message ID:
@.***>

@abdurrm commented on GitHub (Aug 5, 2023): Yes, me too. I login as admin (local), then manually set the keycloak users to superuser. On Fri, 4 Aug 2023, 22:53 Patrick Oettinger, ***@***.***> wrote: > @grethler <https://github.com/grethler> I have a fix, set these > parameters in not in the .env file, instead you have set these parameters > directly in the configuration/configuration.py file as python variables. I > think the documentation is kinda misleading here but more or less the > documentations tells us that we have to use the configuration.py and not > environment variables. > > I now can login with keycloak but after that my new created user have no > authority to do something. I have not seen that I can use claims from the > OpenID Connect provider to make this work. The python-social-auth > documentation is a bit hard to read :( > > — > Reply to this email directly, view it on GitHub > <https://github.com/netbox-community/netbox/issues/13289#issuecomment-1665839030>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/AC2UKTV7KGXWH33E4LCKC6DXTULGLANCNFSM6AAAAAA23ELHYE> > . > You are receiving this because you were mentioned.Message ID: > ***@***.***> >
adam commented 2025-12-29 20:36:01 +01:00
Author
Owner
Copy Link

@jeremystretch commented on GitHub (Aug 22, 2023):

There does not appear to be any action needed on this issue, so I'm going to close it.

@jeremystretch commented on GitHub (Aug 22, 2023): There does not appear to be any action needed on this issue, so I'm going to close it.
adam commented 2025-12-29 20:36:01 +01:00
Author
Owner
Copy Link

@grethler commented on GitHub (Sep 14, 2023):

@grethler I have a fix, set these parameters in not in the .env file, instead you have set these parameters directly in the configuration/configuration.py file as python variables. I think the documentation is kinda misleading here but more or less the documentations tells us that we have to use the configuration.py and not environment variables.

I now can login with keycloak but after that my new created user have no authority to do something. I have not seen that I can use claims from the OpenID Connect provider to make this work. The python-social-auth documentation is a bit hard to read :(

This is the Solution.

@grethler commented on GitHub (Sep 14, 2023): > @grethler I have a fix, set these parameters in not in the .env file, instead you have set these parameters directly in the configuration/configuration.py file as python variables. I think the documentation is kinda misleading here but more or less the documentations tells us that we have to use the configuration.py and not environment variables. > > > > I now can login with keycloak but after that my new created user have no authority to do something. I have not seen that I can use claims from the OpenID Connect provider to make this work. The python-social-auth documentation is a bit hard to read :( This is the Solution.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
beta
breaking change
complexity: high
complexity: low
complexity: medium
needs milestone
netbox
pending closure
plugin candidate
pull-request
Mirrored from GitHub Pull Request
 severity: high
severity: low
severity: medium
status: accepted
status: backlog
status: blocked
status: duplicate
status: needs owner
status: needs triage
status: revisions needed
status: under review
topic: GraphQL
topic: Internationalization
topic: OpenAPI
topic: UI/UX
topic: cabling
topic: event rules
topic: htmx navigation
topic: industrialization
topic: migrations
topic: plugins
topic: scripts
topic: templating
topic: testing
type: bug
type: deprecation
type: documentation
type: feature
type: housekeeping
type: translation
No Label status: revisions needed type: bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/netbox#8379
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?