NetBox-Docker Okta & Google SSO Environment Additions (#1475)

* feat: add SSO environment variable support for OKTA and Google OAuth2 Add native support for SSO configuration through environment variables and Docker secrets, eliminating the need to modify configuration.py for common SSO providers. Changes: - Add OKTA OpenID Connect configuration variables: - SOCIAL_AUTH_OKTA_OPENIDCONNECT_KEY (env var) - SOCIAL_AUTH_OKTA_OPENIDCONNECT_SECRET (env var + Docker secret: okta_openidconnect_secret) - SOCIAL_AUTH_OKTA_OPENIDCONNECT_API_URL (env var) - Add Google OAuth2 configuration variables: - SOCIAL_AUTH_GOOGLE_OAUTH2_KEY (env var) - SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET (env var + Docker secret: google_oauth2_secret) Follows existing patterns with _read_secret() for sensitive data and environ.get() for non-sensitive configuration. Resolves: netbox-community/netbox-docker#1139 * Secrets example * fix: add newline at end of file --------- Co-authored-by: skyefugate <skyefugate@users.noreply.github.com>
2025-12-10 22:02:37 +00:00 · 2025-12-10 00:51:30 -06:00 · 2025-12-10 00:51:30 -06:00 · 8387b4d0f6
parent d24afeecb0
commit 8387b4d0f6
3 changed files with 29 additions and 0 deletions
--- a/configuration/configuration.py
+++ b/configuration/configuration.py
@ -310,6 +310,12 @@ REMOTE_AUTH_SUPERUSER_GROUPS = _environ_get_and_map('REMOTE_AUTH_SUPERUSER_GROUP
 REMOTE_AUTH_SUPERUSERS = _environ_get_and_map('REMOTE_AUTH_SUPERUSERS', '', _AS_LIST)
 REMOTE_AUTH_STAFF_GROUPS = _environ_get_and_map('REMOTE_AUTH_STAFF_GROUPS', '', _AS_LIST)
 REMOTE_AUTH_STAFF_USERS = _environ_get_and_map('REMOTE_AUTH_STAFF_USERS', '', _AS_LIST)
+# SSO Configuration
+SOCIAL_AUTH_OKTA_OPENIDCONNECT_KEY = environ.get('SOCIAL_AUTH_OKTA_OPENIDCONNECT_KEY')
+SOCIAL_AUTH_OKTA_OPENIDCONNECT_SECRET = _read_secret('okta_openidconnect_secret', environ.get('SOCIAL_AUTH_OKTA_OPENIDCONNECT_SECRET', ''))
+SOCIAL_AUTH_OKTA_OPENIDCONNECT_API_URL = environ.get('SOCIAL_AUTH_OKTA_OPENIDCONNECT_API_URL')
+SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = environ.get('SOCIAL_AUTH_GOOGLE_OAUTH2_KEY')
+SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = _read_secret('google_oauth2_secret', environ.get('SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET', ''))

 # This repository is used to check whether there is a new release of NetBox available. Set to None to disable the
 # version check or use the URL below to check for release in the official NetBox repository.
--- a/docker-compose.override.yml.example
+++ b/docker-compose.override.yml.example
@ -16,3 +16,18 @@ services:
      # SUPERUSER_EMAIL: ""
      # SUPERUSER_NAME: ""
      # SUPERUSER_PASSWORD: ""
+      # SSO Configuration
+      # SOCIAL_AUTH_OKTA_OPENIDCONNECT_KEY: "your_okta_client_id"
+      # SOCIAL_AUTH_OKTA_OPENIDCONNECT_API_URL: "https://your-domain.okta.com"
+      # SOCIAL_AUTH_GOOGLE_OAUTH2_KEY: "your_google_client_id"
+    # secrets:
+      # - okta_openidconnect_secret
+      # - google_oauth2_secret
+
+# Uncomment to use Docker secrets for SSO credentials
+# secrets:
+#   okta_openidconnect_secret:
+#     file: ./secrets/okta_secret.txt
+#   google_oauth2_secret:
+#     file: ./secrets/google_secret.txt
+
--- a/env/netbox.env
+++ b/env/netbox.env
@ -33,4 +33,12 @@ REDIS_SSL=false
 RELEASE_CHECK_URL=https://api.github.com/repos/netbox-community/netbox/releases
 SECRET_KEY='r(m)9nLGnz$(_q3N4z1k(EFsMCjjjzx08x9VhNVcfd%6RF#r!6DE@+V5Zk2X'
 SKIP_SUPERUSER=true
+# SSO Configuration (uncomment and configure as needed)
+# OKTA OpenID Connect
+# SOCIAL_AUTH_OKTA_OPENIDCONNECT_KEY=your_okta_client_id
+# SOCIAL_AUTH_OKTA_OPENIDCONNECT_SECRET=your_okta_client_secret
+# SOCIAL_AUTH_OKTA_OPENIDCONNECT_API_URL=https://your-domain.okta.com
+# Google OAuth2
+# SOCIAL_AUTH_GOOGLE_OAUTH2_KEY=your_google_client_id
+# SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET=your_google_client_secret
 WEBHOOKS_ENABLED=true