I have an web application where I will login to my application using the login credentials. Once logged in, a link will be displayed on my application web page. On click of that link I should be able redirect to Grafana and login to the Grafana automatically using my web application credentials.
How can I achieive the above scenario?
(i.e redirecting to the grafana page and automatically login without displaying the grafana login page.)
By using any of the methods mentioned above(like Auth-Proxy, O-Auth, HTTP-API) and for automatic login to work, should I pre-create users in Grafana also?
Yes Sir, I am looking at the automatic login feature to Grafana directly from my web application.
I am trying to implement the automatic login feature as per your suggestion above. Thank you for sharing the information Sir.
#The ip address to bind to, empty will bind to all interfaces ;http_addr = IP-ADDRESS-HERE
#The http port to use
;http_port = 3000
#The public facing domain name used to access grafana from a browser ;domain = IP-ADDRESS-HERE
#Redirect to correct domain if host header does not match domain #Prevents DNS rebinding attacks
;enforce_domain = false
#The full public facing url you use in browser, used for redirects and emails #If you use reverse proxy and sub path specify full url (with sub path)
;root_url = http://grafana.staged-by-discourse.com
…
…
Restarted the Grafana server.
Created the grafana_htpasswd file in /etc/httpd directory.
setup in Apache httpd.conf file is as follows:
<VirtualHost *:80>
ServerAdmin webmaster@authproxy
ServerName authproxy
ErrorLog “logs/authproxy-error_log”
CustomLog “logs/authproxy-access_log” common
I got the output as follows even though I have made a setup of auth-proxy with apache: {“message”:“Unauthorized”}
Please let me know how I can proceed further to make it work properly. So that I can set a username HTTP header for the request from my web application and try it out there by redirecting the request to Grafana for automatic login.
Can we do this ifream with NGINX.
i am using the NGIN.fonfg
set $username “guna”;
proxy_pass https://community.grafana.com/;
proxy_set_header X-WEBAUTH-USER test-user;
proxy_set_header Authorization “”;
proxy_set_header X-WEBAUTH-USER $username;
I have a Django app where users can sign in with google OAuth.
I want to provide a button upon clicking that, the same authenticated user should be able to access Grafana.
I am able to do standalone google sso login to Grafana from the Grafana login page but I do not want the login page to be visible to the user who is already signed into my Django app.
@daniellee Can you please help? / Point me to the documentation that will help.
PS: I tried setting up an apache proxy but the issue with that is I need to provide the user upfront using htpasswd file. I do not want this restriction as new users can sign up for my Django app.
Create a viwer-only bearer token in API setting on grafana
Create a new viewer only service pointing to the grafana app/pod (you need this for unauthenticates traffic)
Create a new haproxy viewer only ingress that points to the viewer only service, with the following annotations: haproxy.org/backend-config-snippet: |
…
http-request set-header Authorization “Bearer xxxxxxxxxxxxxxxxxxxxxxxxxxxx”