mirror of
https://github.com/netbirdio/docs.git
synced 2026-05-02 15:26:36 +00:00
3062285c99
* docs: add ADFS with Web Application Proxy self-hosted guide
New guide for integrating on-prem Active Directory with ADFS as an OIDC
identity provider for self-hosted NetBird. Covers ADFS on a dedicated
member server, Web Application Proxy in a DMZ, Duo ADFS MFA Adapter,
claim transform rules, and the required NetBird configuration
(NETBIRD_TOKEN_SOURCE=idToken, NETBIRD_AUTH_USER_ID_CLAIM=upn).
* docs: rewrite ADFS guide for Community Edition Dashboard flow
Switch from standalone/setup.env style to the CE-native Dashboard-based
external IdP flow:
- Use a confidential Server Application (Add-AdfsServerApplication with
generated client secret) instead of a Native Application with PKCE.
- Redirect URI now comes from NetBird's Settings > Identity Providers
flow, not hard-coded /peers paths.
- Drop the NETBIRD_TOKEN_SOURCE and NETBIRD_AUTH_USER_ID_CLAIM env vars
(those are standalone/commercial-license settings).
- Fix the base64 sub claim issue upstream in ADFS via a new claim rule
(Rule 5) that emits sub from UPN, with a fallback note about
PairwiseIdentifierEnabled for ADFS builds that need it.
- Update Troubleshooting and Configuration Summary to match.
* docs: expand ADFS Step 1 and Step 5 with deeper setup prose
Pull in the richer explanations from the updated source guide:
- Step 1 gets server-provisioning prerequisites, Get-WindowsFeature
verification after role install, expanded TLS cert rationale with
Test-Certificate, a three-option service-account discussion with the
Get-KdsRootKey check and lab-mode EffectiveTime trick, a full
troubleshooting block for Install-ADServiceAccount, per-parameter
explanations for Install-AdfsFarm, and a Start-Service + event-log
fallback plus detailed OIDC-endpoint troubleshooting in 1.5.
- Step 5 gets a full Provision the WAP Server section covering server
specs, the domain-join decision (with SCADA framing generalized),
pre-install firewall rules, hosts-file name resolution with Test-
NetConnection, and exact Export-PfxCertificate/Import-PfxCertificate
flow for the WAP cert. Step 5.3 is reframed as Establish the Proxy
Trust with what-it-does and what-you-need callouts; 5.4 expands
Get-WebApplicationProxyHealth troubleshooting.
CE-specific rewrites (Server Application flow, Dashboard IdP config,
Rule 5 sub override, Duo-optional framing) are preserved.
* docs: fix ADFS intra-page anchor links
@sindresorhus/slugify (the project's heading slug generator) splits
CamelCase words (NetBird -> net-bird) and inserts hyphens between
period-separated digits (2.3 -> 2-3). Update every in-page anchor to
match the generated slugs so step links resolve correctly.
Also redirect the UPN row in the AD attributes table to Step 3, since
the 'Required NetBird Configuration Settings' subsection it used to
reference was removed in the CE rewrite.
* docs: note that ADFS group-membership claim rules are optional
Rules 3a and 3b in Step 3 produce the 'groups' claim consumed by
JWT Group Sync. Add a Note explaining they can be skipped if group
sync isn't needed, and clarify that 3a and 3b must be kept together
(3a emits into a temp claim, 3b filters and renames it to 'groups').
* docs: expand ADFS Step 3 intro with context and per-rule overview
The prior one-sentence intro ('NetBird requires specific claims in the
OIDC tokens') didn't explain what issuance transform rules are or what
each of the six rules does. Add a paragraph on why ADFS needs them and
a short bullet list describing each rule's purpose and dependencies
(e.g., Rule 5 depends on Rule 4). The optional-rules Note and code
block follow unchanged.
* docs: fix ADFS guide inaccuracies flagged in review
- Replace Get-EventLog with Get-WinEvent in Step 1.5 — Get-EventLog
only reads classic logs and cannot open 'AD FS/Admin', which lives
under Applications and Services Logs.
- Remove references to Set-AdfsServerApplication -PairwiseIdentifierEnabled
$false; that parameter does not exist on the cmdlet. Replace the
fallback guidance with NETBIRD_AUTH_USER_ID_CLAIM="upn" in setup.env,
which was the actual POC fix alongside the Rule 5 claim override.
- Restructure the 404 troubleshooting entry as a two-step fix
(claim rule + NetBird env var) with a decode-token sanity check.
- Drop the 'Domain Users' example from the JWT group sync paragraph
since Rule 3b's default '^NetBird-' filter would exclude it;
clarify that visible groups are governed by the filter regex.
- Relabel the LDAP/LDAPS firewall row as 'directory and attribute
lookups (claim data)' rather than 'authentication'; ADFS
authenticates users via Kerberos and uses LDAP for attribute lookup.
- Add a clarifying Note to Step 2.5 explaining that the guide reuses
the client_id as the Web API identifier for simplicity, and larger
environments may prefer a distinct resource URI.
* docs: rewrite ADFS guide to focus on NetBird-specific configuration
* docs: nest ADFS/DC and WAP/NetBird in topology as separate boxes
* docs: refer to NetBird's Microsoft AD FS connector instead of Generic OIDC
* docs: rework ADFS topology diagram and convert callouts to Note components
* docs: rename Restricted/OT to Restricted Network in ADFS guide
* docs: drop Generic OIDC link from ADFS related resources
* docs: drop single-group limitation from ADFS guide
The NetBird documentation
This repository contains assets required to build the documentation website for NetBird. It is built using Next.js with MDX support, a modern React framework for building static and dynamic websites.
We're glad that you want to contribute!
Requirements
- node 16
- npm 8+
Installation
$ npm install
Local Development
$ npm run dev
This command starts a local development server and opens up a browser window. Most changes are reflected live without having to restart the server.
Contributing to the docs
You can click the Fork button in the upper-right area of the screen to create a copy of this repository in your GitHub account. This copy is called a fork. Make any changes you want in your fork, and when you are ready to send those changes to us, go to your fork and create a new pull request to let us know about it.
Once your pull request is created, a NetBird reviewer will take responsibility for providing clear, actionable feedback. As the owner of the pull request, it is your responsibility to modify your pull request to address the feedback that has been provided to you by the NetBird reviewer.
Also, note that you may end up having more than one NetBird reviewer provide you feedback or you may end up getting feedback from a NetBird reviewer that is different than the one initially assigned to provide you feedback.
Furthermore, in some cases, one of your reviewers might ask for a technical review from a NetBird author when needed. Reviewers will do their best to provide feedback in a timely fashion but response time can vary based on circumstances.
Code of conduct
Participation in the NetBird community is governed by the NetBirds' Code of Conduct.
Components and Use
This documentation uses several custom MDX components. Here's a guide to the most commonly used components:
Alert Components
Use these components to highlight important information:
Note
Displays informational content with an orange theme:
import {Note} from "@/components/mdx"
<Note>
NetBird is an **[open-source](https://github.com/netbirdio/netbird)** project and can be self-hosted.
See a comparison between the self-hosted and cloud-hosted versions [here](/selfhosted/self-hosted-vs-cloud-netbird).
</Note>
Warning
Displays warning content with a red theme:
import {Warning} from "@/components/mdx"
<Warning>
The API is still in Beta state so some errors might not be handled properly yet.
</Warning>
Success
Displays success messages with a green theme:
import {Success} from "@/components/mdx"
<Success>
Your configuration has been successfully applied.
</Success>
Tiles Component
Displays a grid of clickable cards with hover effects. Perfect for listing related resources or guides:
import {Tiles} from "@/components/Tiles"
<Tiles
title="About NetBird"
id="about-netbird"
items={[
{
href: '/about-netbird/how-netbird-works',
name: 'How NetBird Works',
description: 'Learn about NetBird concepts, architecture, protocols, and how it creates secure networks.',
},
{
href: '/about-netbird/netbird-vs-traditional-vpn',
name: 'NetBird vs. Traditional VPN',
description: 'Discover how NetBird compares to traditional VPNs and understand the advantages of Zero Trust networking.',
},
]}
/>
Props:
title(string, required): The heading title for the tiles sectionid(string, optional): Optional id for the heading anchoritems(array, required): Array of objects withhref,name, anddescriptionbuttonText(string, optional): Button text (defaults to "Read more" - currently unused as cards are fully clickable)
YouTube Component
Embeds YouTube videos with customizable parameters:
import {YouTube} from "@/components/YouTube"
<YouTube videoId="CFa7SY4Up9k" />
// With custom parameters
<YouTube
videoId="CFa7SY4Up9k"
title="Video Title"
start={175}
color="white"
modestbranding={1}
rel={1}
/>
// Or use a URL instead of videoId
<YouTube url="https://www.youtube.com/watch?v=CFa7SY4Up9k" />
Props:
videoId(string): YouTube video IDurl(string): YouTube URL (alternative to videoId)title(string, optional): Video titlestart(number, optional): Start time in secondscolor(string, optional): Progress bar color -'white'or'red'(default:'white')modestbranding(number, optional): Reduces YouTube branding -0or1(default:1)controls(number, optional): Show/hide controls -0,1, or2(default:1)rel(number, optional): Show related videos -0or1(default:1)
Button Component
Creates styled buttons with multiple variants:
import {Button} from "@/components/Button"
// Primary button (default)
<Button href="https://app.netbird.io/install" arrow="right">
Get started
</Button>
// Secondary button
<Button href="/path" variant="secondary">
Learn more
</Button>
// Outline button
<Button href="/path" variant="outline">
Explore
</Button>
// Text button
<Button href="/path" variant="text" arrow="right">
Read more
</Button>
// With left arrow
<Button href="/path" arrow="left">
Back
</Button>
Props:
variant(string, optional): Button style -'primary','secondary','filled','outline', or'text'(default:'primary')href(string, optional): Link URL (creates a link if provided, otherwise renders as button)arrow(string, optional): Arrow icon -'left'or'right'children(required): Button text content
Other Common Components
Row and Col
Create two-column layouts:
import {Row, Col} from "@/components/mdx"
<Row>
<Col>
Left column content
</Col>
<Col sticky>
Right column content (sticky on scroll)
</Col>
</Row>
Properties and Property
Define API properties or configuration options:
import {Properties, Property} from "@/components/mdx"
<Properties>
<Property name="apiKey" type="string" required>
Your API key for authentication.
</Property>
<Property name="timeout" type="number" min={0} max={300}>
Request timeout in seconds (default: 30).
</Property>
</Properties>
Badge
Displays small status badges:
import {Badge} from "@/components/mdx"
<Badge>New</Badge>
<Badge variant="secondary">Beta</Badge>
Code Blocks
Code syntax highlighting (automatically available):
\`\`\`bash
npm install
npm run dev
\`\`\`
// Or use code groups for multiple languages
<CodeGroup>
```bash title="Installation"
npm install
yarn install
Thank you
NetBird thrives on community participation, and we appreciate your contributions to our website and our documentation!