Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add oidc to auth backends to clean up the display #14587

Closed
DanSheps opened this issue Dec 21, 2023 · 7 comments · Fixed by #15204
Closed

Add oidc to auth backends to clean up the display #14587

DanSheps opened this issue Dec 21, 2023 · 7 comments · Fixed by #15204
Assignees
@abhi1693
Labels
status: accepted This issue has been accepted for implementation type: feature Introduction of new functionality to the application

Comments

@DanSheps
Copy link
Member

Proposed Changes

Add:

    'oidc': ('OpenID Connect', None),

to the AUTH_BACKEND_ATTRS in netbox/netbox/authentication.py

Justification

Currently, the social auth displays the various SSO options under the login page. This uses the dict "AUTH_BACKEND_ATTRS" to translate the driver name (google-openidconnect for example) to a more user friendly name "Google".

Currently "oidc" is missing from this dict, which is the very basic level of openidconnect and if you need to connect to a non-listed driver when setting up social-auth it simply displays the driver name (oidc) instead of a more user friendly name,
@DanSheps DanSheps added the type: housekeeping Changes to the application which do not directly impact the end user label Dec 21, 2023
@llamafilm
Copy link
Contributor

Can we also have a way to customize the displayed text? My organization uses a custom identity provider so I'd like to use that name instead of OpenID Connect.

Screenshot 2024-01-04 at 1 34 52 PM

@alehaa
Copy link
Contributor

alehaa commented Jan 5, 2024

I would also prefer this, as some of our users don‘t know what a keycloak login is and some of our applications already use a term like „login by company ID“.

Maybe a simple solution to these issues is to make AUTH_BACKEND_ATTRS configurable by admins?

@llamafilm
Copy link
Contributor

I would suggest a new config option called REMOTE_AUTH_NAME which would apply to any social auth backend, where the user can enter any custom string. If this option is missing, then use a sane default as @DanSheps described above.

@llamafilm
Copy link
Contributor

llamafilm commented Jan 6, 2024
edited
Loading

I made these 2 fixes in my own fork. I'd be happy to submit a PR if this is accepted. develop...llamafilm:netbox:develop
Screenshot 2024-01-06 at 3 32 52 PM

@DanSheps
Copy link
Member Author

DanSheps commented Jan 9, 2024

I would suggest a new config option called REMOTE_AUTH_NAME which would apply to any social auth backend, where the user can enter any custom string. If this option is missing, then use a sane default as @DanSheps described above.

I don't think we would go with "REMOTE_AUTH_NAME" as you could enable more then 1 SSO provider that might be missing details and need to provide data. It might also be useful to be able to override provided defaults (maintainers will need to discuss)

@llamafilm
Copy link
Contributor

How would it be possible to enable more than one SSO provider? From what I can tell, REMOTE_AUTH_BACKEND is a single string? In my fork I actually called it REMOTE_AUTH_DISPLAYNAME for more clarity.

@EHRETic
Copy link

EHRETic commented Jan 21, 2024
edited
Loading

I'll just upvote the possibility to have a nice OIDC button (same style as normal "sign in" button) with a custom label 😉

Like Portainer in fact:
image

@jeremystretch jeremystretch added type: feature Introduction of new functionality to the application status: needs owner This issue is tentatively accepted pending a volunteer committed to its implementation and removed type: housekeeping Changes to the application which do not directly impact the end user labels Jan 22, 2024
@abhi1693 abhi1693 self-assigned this Feb 20, 2024
@abhi1693 abhi1693 added status: accepted This issue has been accepted for implementation and removed status: needs owner This issue is tentatively accepted pending a volunteer committed to its implementation labels Feb 20, 2024
abhi1693 added a commit that referenced this issue Feb 20, 2024
@abhi1693
added oidc to auth list #14587
e8820f7
@abhi1693 abhi1693 mentioned this issue Feb 20, 2024
Merged
jeremystretch added a commit that referenced this issue Feb 20, 2024
@abhi1693 @jeremystretch
Added oidc to auth list (#15204)
a063b55 
* added oidc to auth list #14587

* Alphabetic ordering

---------

Co-authored-by: Jeremy Stretch <jstretch@netboxlabs.com>
jeremystretch added a commit that referenced this issue Feb 20, 2024
@jeremystretch
Changelog for #14405, #14587, #14946, #15090. #15174, #15177, #15184, #…
f751afc 
…15192
@jeremystretch jeremystretch mentioned this issue Feb 21, 2024
Merged
@vmorris vmorris mentioned this issue Mar 8, 2024
Closed
@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 21, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@abhi1693 abhi1693

Labels
status: accepted This issue has been accepted for implementation type: feature Introduction of new functionality to the application
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Added oidc to auth list netbox-community/netbox
6 participants
@llamafilm @abhi1693 @alehaa @DanSheps @jeremystretch @EHRETic