So I’m trying to set up an SSO between our Grafana-server and our Azure AD but I’m not getting anywhere.
I started by following the guide here: Azure AD OAuth2 authentication | Grafana Labs which is really straight forward but I’m still presented with an error afterwards. The error I receive when trying to login with SSO is the following in the GUI: login.OAuthLogin(NewTransportWithCode)
If I check the logs I get this:
t=2021-03-30T21:08:50+0000 lvl=eror msg=login.OAuthLogin(NewTransportWithCode) logger=context userId=0 orgId=0 uname= error=“invalid character ‘<’ looking for beginning of value”
t=2021-03-30T21:08:50+0000 lvl=eror msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/login/azuread status=500 remote_addr=192.168.176.1 time_ms=102 size=1744 referer=https://login.microsoftonline.com/
My scouring of the internets have told me that the invalid character error comes from the fact that an HTML-page is returned instead of JSON. But the question is why?
I followed the above mentioned guide and my Docker-config looks like this:
- GF_AUTH_AZUREAD_NAME=Azure AD
- GF_AUTH_AZUREAD_CLIENT_ID=<application id>
- GF_AUTH_AZUREAD_CLIENT_SECRET=<client secret>
- GF_AUTH_AZUREAD_SCOPES=openid email profile
- GF_AUTH_AZUREAD_AUTH_URL=https://login.microsoftonline.com/<tenant id>/oauth2/v2.0/authorize
- GF_AUTH_AZUREAD_TOKEn_URL=https://login.microsoftonline.com/<tenant id>/oauth2/v2.0/token
As far as I can tell this is how it should be according to the documentation. What am I doing wrong or what can I do to try and get more meaningfull information for troubleshooting?