Is modifying LOGIN_URL possible ?

[CTV-2023]

Following these topics :

• Add the ability to remove user sign in field #11672
• Allow the Django LOGIN_URL setting to be defined in configuration #13002

And this refused pull request #13003

I'd like my lazy users to avoid one click (besides, they should never use local users + if Entra ID is broken, we have other concerns + the admin can swap back to normal login page) and make SAML as default login page.

It seemed easy, I tried to change my login URL from LOGIN_URL = f'/{BASE_PATH}login/' to LOGIN_URL = f'/{BASE_PATH}oauth/login/saml/?idp=MYIDP'

This returns

<class 'KeyError'>

'MYIDP?next=/'

Python version: 3.8.13
NetBox version: 3.6.6
Plugins: None installed

The login process seems to add ?next/ to the default URL, which seems to be an expected behaviour in middleware.py file.

        # Enforce the LOGIN_REQUIRED config parameter. If true, redirect all non-exempt unauthenticated requests
        # to the login page.
        if (
            settings.LOGIN_REQUIRED and
            not request.user.is_authenticated and
            not request.path_info.startswith(settings.AUTH_EXEMPT_PATHS)
        ):
            login_url = f'{settings.LOGIN_URL}?next={parse.quote(request.get_full_path_info())}'

Is there a clean way to modify the default login page ?

EDIT : what bothers me is the "if" itself, as oauth is in AUTH_EXEMPT_PATHS. Is something broken here ? Is it because "oauth" is not in the request but is only the login URL, as the request being the site base URL ?

[DanSheps]

Following these topics :

• Add the ability to remove user sign in field #11672
• Allow the Django LOGIN_URL setting to be defined in configuration #13002

And this refused pull request #13003

Just to be clear, #13003 was refused because neither of those issues attached were approved.

One of those issues it was mentioned that we would entertain a FR to collapse the various login systems, someone just needed to submit an FR for that. I would go a step further and suggest that we could also allow assigning "priority" to the logins to allow for re-ordering them.

The other simply timed out because there was no uptake on the issue itself.

I'd like my lazy users to avoid one click (besides, they should never use local users + if Entra ID is broken, we have other concerns + the admin can swap back to normal login page) and make SAML as default login page.

I would say you are more then welcome to create an FR for this. For the reasons stated, we would reject most instances to "hide" the default login, however I could see some middle ground here:

• Allow for specifying the default login URL, which changes the login button
  • Alternative: Add a dropdown to the login button to allow chosing the old login but still maintain the default URL if you actually click the button
• Allow access to the normal login page still, via other means to manually typing it in

This isn't to say I would support it, it is just a suggestion as a possible "middle ground"

It seemed easy, I tried to change my login URL from LOGIN_URL = f'/{BASE_PATH}login/' to LOGIN_URL = f'/{BASE_PATH}oauth/login/saml/?idp=MYIDP'

This returns

<class 'KeyError'>

'MYIDP?next=/'

Python version: 3.8.13
NetBox version: 3.6.6
Plugins: None installed

The login process seems to add ?next/ to the default URL, which seems to be an expected behaviour in middleware.py file.

        # Enforce the LOGIN_REQUIRED config parameter. If true, redirect all non-exempt unauthenticated requests
        # to the login page.
        if (
            settings.LOGIN_REQUIRED and
            not request.user.is_authenticated and
            not request.path_info.startswith(settings.AUTH_EXEMPT_PATHS)
        ):
            login_url = f'{settings.LOGIN_URL}?next={parse.quote(request.get_full_path_info())}'

Is there a clean way to modify the default login page ?

EDIT : what bothers me is the "if" itself, as oauth is in AUTH_EXEMPT_PATHS. Is something broken here ? Is it because "oauth" is not in the request but is only the login URL, as the request being the site base URL ?

I believe the next parameter tells the login process where to send you after you successfully login.

[CTV-2023]

Just to be clear, #13003 was refused because neither of those issues attached were approved.

No offense, I don't work with github and I'm not familiar with its vocabulaty :)

I understand your position on this, I like the idea of manually typing the URL. For instance, for libreNMS we use SSO by default with a configurable option, but can still access the default login page with "/login?redirect=0