Grafana with Azure Traffic Managers and Azure AD

  • What Grafana version and what operating system are you using?

6.7.4 deployed in Azure Kubernetes clusters

  • What are you trying to achieve?

We want to have multiple Grafana instances, each with its own URL. The Grafana instances can be accessed either:

  • directly, through its URL
  • or by going to a global URL (‘grafana-global’, which uses an Azure Traffic Manager to direct traffic to a randomly chosen Grafana instance

In both cases authentication is provided by Azure Active Directory.

  • How are you trying to achieve it?

Setting up an Azure Traffic Manager profile, ‘grafana-global’, which has each individual Grafana URL configured as an endpoint.

  • What happened?

Accessing an individual Grafana (using its direct URL) works as expected.

When using the ‘grafana-global’ URL, I am prompted to log in with Azure Active Directory. This redirects me to AAD, where I log in. Upon being returned to Grafana, I am returned to a specific Grafana URL (rather than ‘grafana-global’) with the error message “login.OAuthLogin(missing saved state)”.

I believe the issue is that my initial login request (from ‘grafana-global’) provides a cookie, which does not match the cookie provided by the specific Grafana instance.

  • What did you expect to happen?

I would expect that, after logging in with Azure AD, I would be redirected back to ‘grafana-global’, with no error messages. This is how other applications with GUIs in the same deployment function.

  • Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.

In Grafana UI: “login.OAuthLogin(missing saved state)”
Grafana container logs, when this error is seen: “t=2021-09-07T14:52:00+0000 lvl=eror msg=“Request Completed” logger=context userId=2 orgId=1 uname= method=GET path=/login/azuread status=500 remote_addr= time_ms=1 size=1742 referer=https://login.microsoftonline.com/”

Any help / tips anyone has on this would be much appreciated - thanks in advance.