Auth Proxy Authentication: setting user role

Hi everyone!

I’m trying to use the Auth Proxy feature to pass a specific role to the user I’m authenticating.

If I understand this PR and the documentation correctly this should be possible in v 8.1.2.

I use a reverse proxy to authenticate the user which then passes two headers to Grafana:

My config section regarding auth.proxy looks like this:

enabled = true
auto_sign_up = true
header_name = X-WEBAUTH-USER
header_property = username
headers = Role:X-WEBAUTH-ROLE
ldap_sync_ttl = 60
sync_ttl = 60
whitelist =
enable_login_token = false

The X-WEBAUTH-USER header contains the username and works like a charm.
I tried sending the strings “admin” and “Admin” in the X-WEBAUTH-ROLE header to set the authenticated user to the admin role to be able to access dashboards with restricted permissions but had no success.

Is there any documentation on what to send in the X-WEBAUTH-ROLE header or did anyone else already figure it out?

Thanks in advance!

Hi, I’m wondering if you found a solution, because I’m facing the same problem.
Edit: never mind, it works in Grafana 8.3.3.

1 Like

That sounds like good, news! Thank you for sharing.
Until now I wasn’t able to solve it. I will update next week and see if will work for me too.