Auth Proxy Authentication: setting user role

bwint · August 27, 2021, 9:51am

Hi everyone!

I’m trying to use the Auth Proxy feature to pass a specific role to the user I’m authenticating.

If I understand this PR and the documentation correctly this should be possible in v 8.1.2.

I use a reverse proxy to authenticate the user which then passes two headers to Grafana:
X-WEBAUTH-USER and X-WEBAUTH-ROLE

My config section regarding auth.proxy looks like this:

[auth.proxy]
enabled = true
auto_sign_up = true
header_name = X-WEBAUTH-USER
header_property = username
headers = Role:X-WEBAUTH-ROLE
ldap_sync_ttl = 60
sync_ttl = 60
whitelist =
enable_login_token = false

The X-WEBAUTH-USER header contains the username and works like a charm.
I tried sending the strings “admin” and “Admin” in the X-WEBAUTH-ROLE header to set the authenticated user to the admin role to be able to access dashboards with restricted permissions but had no success.

Is there any documentation on what to send in the X-WEBAUTH-ROLE header or did anyone else already figure it out?

Thanks in advance!

rubenvandeput · December 17, 2021, 3:20pm

Hi, I’m wondering if you found a solution, because I’m facing the same problem.
Edit: never mind, it works in Grafana 8.3.3.

bwint · December 18, 2021, 1:15pm

That sounds like good, news! Thank you for sharing.
Until now I wasn’t able to solve it. I will update next week and see if will work for me too.