-
What Grafana version and what operating system are you using?
Grafana 10.4.2 on Linux -
What are you trying to achieve?
Assign a user into an Organization via Generic OAuth -
How are you trying to achieve it?
org_attribute_path: org
org_mapping: main-org:1:Admin, org-nameA:2:Viewer, org-nameB:3:Viewer
role_attribute_path: role
With an auth token as such:
{ ... "org:" { "org-nameA" }, "role": { "Viewer" }, ... } -
What happened?
User is always put into the main organization with whichever role is found in the auth token, and never the organization as specified in theorgsection of the token. -
What did you expect to happen?
User with the above token is put into organization namedorg-nameAwithViewerrole. -
Can you copy/paste the configuration(s) that you are having problems with?
grafana.ini: server: domain: <redacted> log: filters: oauth.generic_oath:debug auth: disable_login_form: false auth.generic_oauth: enabled: true auth_url: <redacted> token_url: <redacted> api_url: <redacted> client_id: <redacted> scopes: profile email openid email_attribute_name: email name_attribute_path: unique_name role_attribute_path: role org_attribute_path: org org_mapping: 'main-org:1:Admin, org-NameA:2:Viewer, org-NameB:3:Viewer' allow_assign_grafana_admin: true users: auto_assign_org: false -
Additional details
- Getting the
rolefrom the token always works, yet the user is always put into Main Org. - I’ve tried using a JMESPath query, matching them to how the orgs are named in Grafana, like so:
contains(org[*], 'main-org') && 'Main Org.' || contains(org[*], 'org-nameA') && 'Org-NameA' || contains(org[*], 'org-nameB') && 'Org-NameB'
What am I not seeing? Nothing I try seems to accomplish my goal. Thank you.