I'm trying to set up an oauth2 proxy in front of Netbox (to authenticate against a local Keycloak instance). I have the following configuration in /etc/netbox/config/extra.py:
REMOTE_AUTH_ENABLED=True
REMOTE_AUTH_AUTO_CREATE_USER=True
REMOTE_AUTH_HEADER='HTTP_X_FORWARDED_PREFERRED_USERNAME'
REMOTE_AUTH_GROUP_HEADER='HTTP_X_FORWARDED_GROUPS'
REMOTE_AUTH_GROUP_SYNC_ENABLED=True
REMOTE_AUTH_SUPERUSER_GROUPS=['netbox-admin']
REMOTE_AUTH_GROUP_SEPARATOR=','
Authentication works just fine; I can enter my credentials and Netbox shows my email address in the account menu.
Requests have X-Forwarded-* headers that look like:
X-Forwarded-Preferred-Username: [email protected]
X-Forwarded-Groups: default-roles-example,offline_access,netbox-admin,uma_authorization,role:default-roles-example,role:offline_access,role:netbox-admin,role:uma_authorization,role:account:manage-account,role:account:manage-account-links,role:account:view-profile
I have verified that these headers are present in requests to Netbox.
I've tried setting REMOTE_AUTH_GROUP_HEADER and REMOTE_AUTH_GROUP_SEPARATOR appropriately, but viewing the account profile (https://netbox.../user/profile/) always shows "Groups: None", and I'm not able to get superuser privileges.
Is there something obvious missing from my configuration?