I have been looking at adding cas authentication to netbox and it seems that external authentication sources other then ldap are not really supported. There is a pull request to add saml support[1] as well as an issue[2] which lists some other implementations to add saml. Further there is no support for handing of authentication to a front end proxy using http headers, Although this seems to be the direction the the netbox community is planning on moving towards[3]. There is also work to add a plugin system[4] which could potentially be utilised to add saml [or other third party] authentication.
Either way it doesn't look like either of theses will be supported in the near term future and wanted to canvas opinion on a way forward. The patches to add either saml or authentication via http headers (the prefered way forward) both seem to be relatively simple however it does mean patching the netbox code. Is this something that is sane to consider. It seems that netbox is already distributed via scap, dose that mean we have already made modifications? If so should i just add modifications there. Or would it be better to distribute our modifications via some other method i.e. puppet.
The other thing to mention is that it is currently not clear how authentication mappings would work. I believe all the examples just map users to a hard-coded group or what ever the netbox default is. I have not seen any which can map to specific netbox roles. I wonder how much of an issues this would cause us and how difficult it would be to add some type oof role mapping
[1]https://github.com/netbox-community/netbox/pull/3010
[2]https://github.com/netbox-community/netbox/issues/1677
[3]https://github.com/netbox-community/netbox/issues/2328
[4]https://github.com/netbox-community/netbox/issues/3351