Regarding Grafana integration with Keycloak OAuth2: I am currently facing an issue where, after the credentials are entered on the Keycloak login page, the login redirects to the Grafana website with port 3000. This is the error:
This site can’t be reached grafana.xxx.xx.xx refused to connect.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED.
But if the 3000 is removed from the link, it opens the Grafana page:
grafana.xxx.xxx.xxx:3000/login/generic_oauth?state=xxxxxx
So when the 3000 is removed, it loads the Grafana page.
I have Grafana installed from the Helm chart; below are the settings from the values.yaml:
```yaml
grafana.ini:
  auth.generic_oauth:
    enabled: true
    tls_skip_verify_insecure: true
    name: Keycloak-OAuth
    allow_sign_up: true
    client_id: grafana-sso
    client_secret: xxxxxxxxxxxxx
    scopes: openid email profile offline_access roles web-origins
    email_attribute_path: email
    login_attribute_path: username
    name_attribute_path: full_name
    auth_url: 'xxx://ssoxxxx.xxx.xxx/auth/realms/xxx/protocol/openid-connect/auth'
    token_url: 'xxxx://ssoxxxx.xxx.xxx/auth/realms/xxx/protocol/openid-connect/token'
    api_url: 'xxx://ssoxxxx.xxx.xxx/realms/xxx/protocol/openid-connect/userinfo'
    role_attribute_path: contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'
  server:
    domain: grafanaxxx.xxx.xxx
```
Keycloak Settings:
* Root URL: xxx://grafana.xxx.xxx.xx/
* Valid Redirect URIs: "*" (have wildcard here because using the url/login/generic_oauth gave Invalid parameter: redirect_uri)
* Base URL: xxxx://grafana.xxx.xxx.xx/
* Admin URL: xxx://grafana.xxx.xxx.xx/
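
An added example, not part of the original post: a small check that derives the callback URL Grafana sends from its `[server]` settings (the default `root_url` is `%(protocol)s://%(domain)s:%(http_port)s/`) and audits it against a Keycloak client's Valid Redirect URIs. The hostname `grafana.example.com`, the `https` external scheme and the simplified matching in `keycloak_allows` are assumptions made for illustration.

```python
# Added example: hostnames are constructed stand-ins for the post's redacted values.
DEFAULT_ROOT_URL = "%(protocol)s://%(domain)s:%(http_port)s/"  # Grafana's [server] default

def redirect_uri(server):
    """Callback URL Grafana sends to the IdP: root_url + login/generic_oauth."""
    s = {"protocol": "http", "domain": "localhost", "http_port": 3000}
    s.update(server)
    root = s.get("root_url", DEFAULT_ROOT_URL) % s
    return root.rstrip("/") + "/login/generic_oauth"

def keycloak_allows(pattern, uri):
    """Simplified model (assumption): exact match, or prefix match for a trailing '*'."""
    if pattern.endswith("*"):
        return uri.startswith(pattern[:-1])
    return pattern == uri

def audit(server, valid_redirect_uris):
    """Return findings for one Grafana [server] section and one Keycloak client."""
    uri = redirect_uri(server)
    findings = []
    if "root_url" not in server:
        findings.append("root_url unset, callback carries the listen port: " + uri)
    if not any(keycloak_allows(p, uri) for p in valid_redirect_uris):
        findings.append("callback not registered (Invalid parameter: redirect_uri): " + uri)
    if "*" in valid_redirect_uris:
        findings.append("Valid Redirect URIs '*' accepts every redirect_uri; register the exact callback")
    return findings

# Constructed inputs: the [server] section as posted (domain only) and with root_url set.
AS_POSTED = {"domain": "grafana.example.com"}
FIXED = {"domain": "grafana.example.com", "root_url": "https://grafana.example.com/"}
EXACT = ["https://grafana.example.com/login/generic_oauth"]

if __name__ == "__main__":
    for name, server, uris in [("as posted, exact URI", AS_POSTED, EXACT),
                               ("as posted, wildcard", AS_POSTED, ["*"]),
                               ("root_url set, exact URI", FIXED, EXACT)]:
        print(name, "->", audit(server, uris) or "ok")
```

In the Helm values, `root_url` goes under `grafana.ini` in the `server` section, next to `domain`.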