Closes #15811: Note potential incompatibilities for remote auth headers containing underscores
parent
4b21cf604b
commit
c73a974fa9
|
@ -14,3 +14,7 @@ timeout = 120
|
||||||
# The maximum number of requests a worker can handle before being respawned
|
# The maximum number of requests a worker can handle before being respawned
|
||||||
max_requests = 5000
|
max_requests = 5000
|
||||||
max_requests_jitter = 500
|
max_requests_jitter = 500
|
||||||
|
|
||||||
|
# Uncomment this line to accept HTTP headers containing underscores, e.g. for remote
|
||||||
|
# authentication support. See https://docs.gunicorn.org/en/stable/settings.html#header-map
|
||||||
|
# header-map = 'dangerous'
|
||||||
|
|
|
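Review bot: the commented-out setting `# header-map = 'dangerous'` is spelled with a hyphen, but the other settings in this file are plain Python assignments (`max_requests = 5000`, `max_requests_jitter = 500`), so the line would not be a valid assignment once uncommented. The documentation added in this same commit names the setting `header_map`; suggest `# header_map = 'dangerous'` here. The comment could also say that the line is only needed when the configured remote auth header name itself contains an underscore, and that the front-end proxy should then set or strip that header on every request.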
@ -26,7 +26,10 @@ REMOTE_AUTH_BACKEND = 'netbox.authentication.RemoteUserBackend'
|
||||||
|
|
||||||
Another option for remote authentication in NetBox is to enable HTTP header-based user assignment. The front end HTTP server (e.g. nginx or Apache) performs client authentication as a process external to NetBox, and passes information about the authenticated user via HTTP headers. By default, the user is assigned via the `REMOTE_USER` header, but this can be customized via the `REMOTE_AUTH_HEADER` configuration parameter.
|
Another option for remote authentication in NetBox is to enable HTTP header-based user assignment. The front end HTTP server (e.g. nginx or Apache) performs client authentication as a process external to NetBox, and passes information about the authenticated user via HTTP headers. By default, the user is assigned via the `REMOTE_USER` header, but this can be customized via the `REMOTE_AUTH_HEADER` configuration parameter.
|
||||||
|
|
||||||
Optionally, user profile information can be supplied by `REMOTE_USER_FIRST_NAME`, `REMOTE_USER_LAST_NAME` and `REMOTE_USER_EMAIL` headers. These are saved to the users profile during the authentication process. These headers can be customized like the `REMOTE_USER` header.
|
Optionally, user profile information can be supplied by `REMOTE_USER_FIRST_NAME`, `REMOTE_USER_LAST_NAME` and `REMOTE_USER_EMAIL` headers. These are saved to the user's profile during the authentication process. These headers can be customized like the `REMOTE_USER` header.
|
||||||
|
|
||||||
|
!!! warning Verify Header Compatibility
|
||||||
|
Some WSGI servers may drop headers which contain unsupported characters. For instance, gunicorn v22.0 and later silently drops HTTP headers containing underscores. This behavior can be disabled by changing gunicorn's [`header_map`](https://docs.gunicorn.org/en/stable/settings.html#header-map) setting to `dangerous`.
|
||||||
|
|
||||||
### Single Sign-On (SSO)
|
### Single Sign-On (SSO)
|
||||||
|
|
||||||
|
|
|
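Review bot: missing caveat in the added `!!! warning` paragraph: it recommends setting `header_map` to `dangerous` without stating when that is safe. Once gunicorn stops dropping underscore headers, a hyphenated and an underscored spelling of the same name reach the application under one WSGI key, so the front-end server has to be the only source of `REMOTE_USER`, `REMOTE_USER_FIRST_NAME`, `REMOTE_USER_LAST_NAME` and `REMOTE_USER_EMAIL`, overwriting or stripping any copy the client sends. Suggest adding one sentence to that effect, and mentioning that choosing a hyphenated header name via `REMOTE_AUTH_HEADER` avoids the setting altogether.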
@ -85,6 +85,9 @@ Default: `'HTTP_REMOTE_USER'`
|
||||||
|
|
||||||
When remote user authentication is in use, this is the name of the HTTP header which informs NetBox of the currently authenticated user. For example, to use the request header `X-Remote-User` it needs to be set to `HTTP_X_REMOTE_USER`. (Requires `REMOTE_AUTH_ENABLED`.)
|
When remote user authentication is in use, this is the name of the HTTP header which informs NetBox of the currently authenticated user. For example, to use the request header `X-Remote-User` it needs to be set to `HTTP_X_REMOTE_USER`. (Requires `REMOTE_AUTH_ENABLED`.)
|
||||||
|
|
||||||
|
!!! warning Verify Header Compatibility
|
||||||
|
Some WSGI servers may drop headers which contain unsupported characters. For instance, gunicorn v22.0 and later silently drops HTTP headers containing underscores. This behavior can be disabled by changing gunicorn's [`header_map`](https://docs.gunicorn.org/en/stable/settings.html#header-map) setting to `dangerous`.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## REMOTE_AUTH_USER_EMAIL
|
## REMOTE_AUTH_USER_EMAIL
|
||||||
|
|
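Review bot: the admonition title on the added line `!!! warning Verify Header Compatibility` is unquoted; Python-Markdown admonitions take the title in double quotes and treat unquoted words after the type as extra CSS classes, so this would render with the default "Warning" title. Suggest `!!! warning "Verify Header Compatibility"`, here and in the other documentation hunk. The paragraph is also a verbatim copy of the one added there; keeping the full text in one place and linking to it would avoid the two drifting apart. Since the example just above uses `X-Remote-User` with `HTTP_X_REMOTE_USER`, a sentence noting that hyphenated header names are unaffected would keep readers from enabling `dangerous` when they do not need it.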