We had a successful Okta integration with LibreNMS; unfortunately, it's not working anymore, without any changes from our side (besides automatic updates with ./daily.sh). After successful auth. with an Okta account, it just redirects to the login screen without any error message.
Steps to reproduce an issue.
Click on “Login with Okta” button on login page, pass Okta account and password, getting redirected to login page again with logging in to WebUi.
The output of ./validate.php
netmon:/opt/librenms# sudo -u librenms ./validate.php
===========================================
Component | Version
--------- | -------
LibreNMS | 23.4.1-24-g2ddfba51d (2023-04-21T05:30:32+02:00)
DB Schema | 2023_04_12_174529_modify_ports_table (250)
PHP | 8.1.18
Python | 3.9.2
Database | MariaDB 10.5.18-MariaDB-0+deb11u1
RRDTool | 1.7.2
SNMP | 5.9
===========================================
[OK] Composer Version: 2.5.5
[OK] Dependencies up-to-date.
[OK] Database connection successful
[OK] Database Schema is current
[OK] SQL Server meets minimum requirements
[OK] lower_case_table_names is enabled
[OK] MySQL engine is optimal
[OK] Database and column collations are correct
[OK] Database schema correct
[OK] MySQl and PHP time match
[OK] Active pollers found
[OK] Dispatcher Service not detected
[OK] Locks are functional
[OK] Python poller wrapper is polling
[OK] Redis is unavailable
[OK] rrd_dir is writable
[OK] rrdtool version ok
I can confirm that LibreNMS will not create users anymore in MySQL; I just removed my user from the DB and it will not recreate it. I couldn't find anything in librenms.log, and in the Okta logs I see successful auth, so I think there is something with LibreNMS, but I don't know how to troubleshoot further.
I ran the install for the plugin again like this, but it didn't change anything.
netmon:/opt/librenms# sudo -u librenms lnms plugin:add socialiteproviders/okta
Info from https://repo.packagist.org: #StandWithUkraine
./composer.json has been updated
Running composer update socialiteproviders/okta
> LibreNMS\ComposerHelper::preUpdate
Loading composer repositories with package information
Updating dependencies
Nothing to modify in lock file
Writing lock file
Installing dependencies from lock file
Nothing to install, update or remove
Package influxdb/influxdb-php is abandoned, you should avoid using it. No replacement was suggested.
Generating optimized autoload files
> Illuminate\Foundation\ComposerScripts::postAutoloadDump
> @php artisan package:discover --ansi
INFO Discovering packages.
laravel-notification-channels/webpush ....................................................................................................... DONE
laravel/socialite ........................................................................................................................... DONE
laravel/tinker .............................................................................................................................. DONE
laravel/ui .................................................................................................................................. DONE
librenms/laravel-vue-i18n-generator ......................................................................................................... DONE
mews/purifier ............................................................................................................................... DONE
nesbot/carbon ............................................................................................................................... DONE
nunomaduro/termwind ......................................................................................................................... DONE
php-flasher/flasher-laravel ................................................................................................................. DONE
spatie/laravel-ignition ..................................................................................................................... DONE
tightenco/ziggy ............................................................................................................................. DONE
72 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
> Illuminate\Foundation\ComposerScripts::postUpdate
No security vulnerability advisories found
Using version ^4.2 for socialiteproviders/okta
Using version ^4.2 for socialiteproviders/okta
composer.plugins.json has been updated
Thanks for this I was going nuts for a few minutes. I added ‘register’ = ‘true’ to my config and now I can login via OKTA.
However when I go to ‘User Preferences’ I get ‘Device Permissions’ = ‘No Access’
How do you do permissions for users given Okta auth? (currently we are doing LDAP, but looking to migrate to Okta)
If I log in as an admin user (non Okta) I can edit the Okta users and set 'Level'?
It does complain ‘The realname may only contain letters, numbers, underscores and spaces.’ since my realname from Okta is ‘Surname, Firstname’
I can set level in the database ok … seems a bit of a step back? Can I do something automagically (apparently the Okta API can give the groups of a user based on a login token … or if I had some hook into the login I could do an LDAP lookup for group membership etc …)
I only know about setting it directly in the DB as you've mentioned; I'm not sure there is an automatic way to do it, which would be nice, I agree.
Here is an example of how to set it in the DB for anyone else with this problem; this will set "admin" access for the user.