Grafana - keycloak openid connect integration

  • What Grafana version and what operating system are you using?

Version 9.1.5 (commit: df015a9301, branch: HEAD)
Ubuntu 18.04.6 LTS

  • What are you trying to achieve?

Trying to use keycloak for SSO with grafana.

  • How are you trying to achieve it?


protocol = http
domain = localhost
root_url = http    ://

enabled = true
name = OIDC
;allow_sign_up = true
client_id = dra-grafana
client_secret = A5wrlAYIb7qc2TQejdgtyxAQPFIGfRdw
scopes = openid profile email
;empty_scopes = false
;email_attribute_name = email:primary
;email_attribute_path =
;login_attribute_path =
;name_attribute_path =
;id_token_attribute_name =
auth_url = http  ://
token_url = http ://
api_url = http ://
;teams_url =
;allowed_domains =
;team_ids =
;allowed_organizations =
;role_attribute_path =
;role_attribute_strict = false
;groups_attribute_path =
;team_ids_attribute_path =
;tls_skip_verify_insecure = false
;tls_client_cert =
;tls_client_key =
;tls_client_ca =
use_pkce = false
;auth_style =
  • What happened?
logger=context traceID=00000000000000000000000000000000 userId=0 orgId=0 uname= t=2022-11-16T05:39:38.099765531Z level=info msg="Request Completed" method=GET path=/login/generic_oauth status=302 remote_addr= time_ms=1 duration=1.148735ms size=322 referer= traceID=00000000000000000000000000000000 handler=/login/:name
logger=oauth t=2022-11-16T05:39:40.429163512Z level=info msg="state check" queryState=37317a2e60432e903fb058be6fbcc833f5f5dfd9ec3cc02be8782e5b8eaeb92f cookieState=37317a2e60432e903fb058be6fbcc833f5f5dfd9ec3cc02be8782e5b8eaeb92f
logger=oauth.generic_oauth t=2022-11-16T05:39:40.475729679Z level=error msg="Error getting email address" url=http 
   :// error="{\"error\":\"RESTEASY003210: Could not find resource for full path:\"}"
  • What did you expect to happen?

Successful login page.

  • Can you copy/paste the configuration(s) that you are having problems with?

  • Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.

login.OAuthLogin(get info from generic_oauth)

  • Did you follow any online instructions? If so, what is the URL?

Check this Connection to Keycloak broken, possibly due to a Grafana upgrade

thank you so much … I had the same issue as documented in the link pointed and was able to get grafana working with keycloak