diff --git a/docs/administration/authentication/overview.md b/docs/administration/authentication/overview.md index a6c3a3159..e582f009e 100644 --- a/docs/administration/authentication/overview.md +++ b/docs/administration/authentication/overview.md @@ -40,3 +40,22 @@ REMOTE_AUTH_BACKEND = 'social_core.backends.google.GoogleOAuth2' NetBox supports single sign-on authentication via the [python-social-auth](https://github.com/python-social-auth) library. To enable SSO, specify the path to the desired authentication backend within the `social_core` Python package. Please see the complete list of [supported authentication backends](https://github.com/python-social-auth/social-core/tree/master/social_core/backends) for the available options. Most remote authentication backends require some additional configuration through settings prefixed with `SOCIAL_AUTH_`. These will be automatically imported from NetBox's `configuration.py` file. Additionally, the [authentication pipeline](https://python-social-auth.readthedocs.io/en/latest/pipeline.html) can be customized via the `SOCIAL_AUTH_PIPELINE` parameter. (NetBox's default pipeline is defined in `netbox/settings.py` for your reference.) + +#### Configuring the SSO module's appearance + +The way a remote authentication backend is displayed to the user on the login +page may be adjusted via the `SOCIAL_AUTH_BACKEND_ATTRS` parameter, defaulting +to an empty dictionary. This dictionary maps a `social_core` module's name (ie. +`REMOTE_AUTH_BACKEND.name`) to a couple of parameters, `(display_name, icon)`. + +The `display_name` is the name displayed to the user on the login page. The +icon may either be the URL of an icon; refer to a [Material Design +Icons](https://github.com/google/material-design-icons) icon's name; or be +`None` for no icon. + +For instance, the OIDC backend may be customized with +```python +SOCIAL_AUTH_BACKEND_ATTRS = { + 'oidc': ("My awesome SSO", "login"), +} +``` diff --git a/netbox/account/views.py b/netbox/account/views.py index d7c43aebf..d39b00d7a 100644 --- a/netbox/account/views.py +++ b/netbox/account/views.py @@ -44,10 +44,20 @@ class LoginView(View): return super().dispatch(*args, **kwargs) def gen_auth_data(self, name, url, params): - display_name, icon_name = get_auth_backend_display(name) + display_name, icon_source = get_auth_backend_display(name) + + icon_name = None + icon_img = None + if icon_source: + if '://' in icon_source: + icon_img = icon_source + else: + icon_name = icon_source + return { 'display_name': display_name, 'icon_name': icon_name, + 'icon_img': icon_img, 'url': f'{url}?{urlencode(params)}', } diff --git a/netbox/netbox/authentication/__init__.py b/netbox/netbox/authentication/__init__.py index 55fd91d4d..8c4bde436 100644 --- a/netbox/netbox/authentication/__init__.py +++ b/netbox/netbox/authentication/__init__.py @@ -49,12 +49,15 @@ AUTH_BACKEND_ATTRS = { 'okta-openidconnect': ('Okta (OIDC)', None), 'salesforce-oauth2': ('Salesforce', 'salesforce'), } +# Override with potential user configuration +AUTH_BACKEND_ATTRS.update(getattr(settings, 'SOCIAL_AUTH_BACKEND_ATTRS', {})) def get_auth_backend_display(name): """ - Return the user-friendly name and icon name for a remote authentication backend, if known. Defaults to the - raw backend name and no icon. + Return the user-friendly name and icon name for a remote authentication backend, if + known. Obtained from the defaults dictionary AUTH_BACKEND_ATTRS, overridden by the + setting `SOCIAL_AUTH_BACKEND_ATTRS`. Defaults to the raw backend name and no icon. """ return AUTH_BACKEND_ATTRS.get(name, (name, None)) diff --git a/netbox/templates/login.html b/netbox/templates/login.html index 1afbd6f29..f8575e4c1 100644 --- a/netbox/templates/login.html +++ b/netbox/templates/login.html @@ -78,7 +78,8 @@ {% for backend in auth_backends %}
- {% if backend.icon_name %}{% endif %} + {% if backend.icon_name %} + {% elif backend.icon_img %}{% endif %} {{ backend.display_name }}