I have the following configuration in my grafana.ini:
#################################### Generic OAuth ##########################
[auth.generic_oauth]
enabled = true
allow_sign_up = true
#tls_client_cert = /etc/certs/fc340df001078e0e.crt
#tls_client_key = /etc/certs/lab.c-cor.com.key
#tls_client_ca = /etc/certs/gd_bundle-g2-g1.crt
# This is the Grafana client secret in the credentials tab in Keycloak.
client_id = grafana
client_secret = secret
auth_url = https://my.keycloak.domain:31443/auth/realms/TEST/protocol/openid-connect/auth
token_url = https://my.keycloak.domain:31443/auth/realms/TEST/protocol/openid-connect/token
api_url = https://my.keycloak.domain:31443/auth/realms/TEST/protocol/openid-connect/userinfo
There are 3 scenarios which I tested:
- Provide IPs instead of domain names for Keycloak endpoints, uncomment the TLS cert, key and CA lines: works perfectly well.
- Provide IPs instead of domain names for Keycloak endpoints, comment the TLS cert, key and CA lines: works perfectly well.
- Provide domain names for Keycloak endpoints, comment the TLS cert, key and CA lines: fails with the following error:
  Post https://my.keycloak.domain:31443/auth/realms/MDC/protocol/openid-connect/token: x509: certificate is valid for localhost, not my.keycloak.domain"
- Provide domain names for Keycloak endpoints, uncomment the TLS cert, key and CA lines: fails with the following error:
  Post https://my.keycloak.domain:31443/auth/realms/MDC/protocol/openid-connect/token: x509: certificate is valid for localhost, not my.keycloak.domain"
I am not sure why this is happening, any help is appreciated.