Hello! I’m hoping someone can help me out here because I’m having a hard time figuring this out. I have configured a Grafana 7.1.3 container to use Azure AD for authentication and that piece is working fine. I can log in without issue. However, when I try to forward my OAuth credentials on to a Prometheus data source things seem to fall apart. I expected to see an Authorization: Bearer <TOKEN> header attached to the request but I found no such header. Is there some sort of specific configuration I need to add to the [auth.azuread] config to enable this functionality? All the recommended configurations from the Grafana docs have been applied on the Azure AD side. Find below the config I’m using.
[auth.azuread]
name = Azure AD
enabled = true
allow_sign_up = false
client_id = <MYID>
client_secret = <SHHHH>
scopes = openid email profile
auth_url = https://login.microsoftonline.com/<MYTENANT>/oauth2/v2.0/authorize
token_url = https://login.microsoftonline.com/<MYTENANT>/oauth2/v2.0/token
allowed_domains = mydomain.com, mydomain.net
allowed_groups =
Edit for additional information:
Also strange to me is that upon trying to save and test adding the Prometheus data source to forward the OAuth credentials I’m prompted for a username and password. Is that expected behavior? Does a user that has authenticated via Azure AD need to re-authenticate when adding a data source?