Microsoft Entra ID login 'social_core.exceptions.AuthMissingParameter'

[mitchplze]

Deployment Type

NetBox Docker

NetBox Version

4.3.1-Docker-3.3.0

Python Version

3.12.3

Steps to Reproduce

• Follow the new Entra ID SSO guide for single tenant, add the following to env/netbox.env:

REMOTE_AUTH_BACKEND = 'social_core.backends.azuread.AzureADOAuth2'
SOCIAL_AUTH_AZUREAD_OAUTH2_KEY = '<<clientID>>' 
SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET = '<<clientSecret>>' 

• Fully restart NetBox Docker (docker compose down; docker compose up -d)
• Try to login with Entra ID authentication

Expected Behavior

The login should have succeeded and logged me into NetBox with my Entra credentials

Observed Behavior

The following M365 error is displayed after clicking the login w Entra button:

AADSTS700016: Application with identifier 'None' was not found in the directory 'My Company Name Redacted'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.

Troubleshooting

A little while back, Microsoft started requiring unique tenant IDs for OAuth requests, instead of a generic URL.

After reviewing these docs, I tried adding the following to my env/netbox.env file:

SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_TENANT_ID = '<<tenantID>>'

But that did not work either.

I also tried going to the admin consent URL (as a Global Admin): https://login.microsoftonline.com/common/adminconsent?client_id=<<clientID>>, and granting consent to the default read profile, and I receive the following in NetBox:

<class 'social_core.exceptions.AuthMissingParameter'>
Missing needed parameter state
Python version: 3.12.3
NetBox version: 4.3.1-Docker-3.3.0
Plugins: None installed

[mitchplze]

Okay, so if I put the Entra ID config directly into configuration/configuration.py it seems to work, but not when using the Docker .env file as anticipated. Perhaps this is my failing, and this is not actually a bug.

[screamsid]

So I had the same issue, and went through the same process you had. There's a discussion here discussing this exact issue

netbox-community/netbox-docker#882

But rather than read all that the summary is, the clientid isn't being passed when you configure it within the environment variable.

The solution to overcome this bug?!? as mentioned in the link above is this is this:

1. Create a social_auth.py Config File

Go to your NetBox config directory (usually something like /opt/netbox/netbox-docker/configuration).

Create a new file called social_auth.py in there. It doesn't have to be called this, but I did so I knew what it was for.

---

2. Drop in Your Azure AD Settings

Open up social_auth.py and add the following, swapping in your own details:

SOCIAL_AUTH_AZUREAD_OAUTH2_KEY = "your-client-id-here"
SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET = "your-client-secret-here"
SOCIAL_AUTH_AZUREAD_OAUTH2_TENANT_ID = "your-tenant-id-here"
REMOTE_AUTH_BACKEND = "social_core.backends.azuread.AzureADOAuth2"

---

3. Make Sure Docker Compose Is Mapping the Config

Check your docker-compose.yml and confirm you’ve got something like:

volumes:

• ./configuration:/etc/netbox/config:z,ro

This tells NetBox to pick up your custom config files from the host, and it should already be set as default.

---

4. Restart Your NetBox Containers

Bounce the containers so it all takes effect:

docker compose down
docker compose up -d

---

That sorted the client_id=None error for me.
It’s not fancy, but it works. Tweak paths if your setup’s a bit different etc.

Couldn't have done this without the other comments in the other discussion, as they helped massively. Hope that helps.