Grafana with Keycloak generic OAuth

flodumi · November 20, 2020, 2:03pm

hello,
I have a problem to get this setup working.
I’ve followed the docs I’ve found to setup both Grafana and Keycloak

My issue: when I press the button for Oauth login, I’m redirected to Keycloak to provide user and pass.
After this I am inside Grafana but I get a “Page not found error 404 Error”.

From the log file:
t=2020-11-20T13:55:47+0000 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/login/generic_oauth status=302 remote_addr=10.10.163.112 time_ms=0 size=362 referer=http://grafana.local:32111/login
t=2020-11-20T13:55:49+0000 lvl=dbug msg=“Scheduling update” logger=alerting.scheduler ruleCount=0
t=2020-11-20T13:55:53+0000 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=POST path=/realms/flo/login-actions/authenticate status=404 remote_addr=10.10.163.112 time_ms=3 size=27826 referer=

If I navigate to any other menus I get the: Failed to fetch Dashboard - Unauthenticated message, and in the logs:
t=2020-11-20T13:57:58+0000 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/api/dashboards/home status=401 remote_addr=10.10.163.112 time_ms=0 size=31 referer=http://grafana.local:32111/

My grafana config:
env:
- name: GF_SERVER_DOMAIN
value: “grafana.local”
- name: GF_SERVER_PROTOCOL
value: “http”
- name: GF_SERVER_HTTP_PORT
value: “32111”
- name: GF_SERVER_ROOT_URL
value: “http://grafana.local:32111”
- name: GF_AUTH_GENERIC_OAUTH_ENABLED
value: “true”
- name: GF_AUTH_GENERIC_OAUTH_NAME
value: “grafana oauth”
- name: GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP
value: “true”
- name: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
value: “flo”
- name: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
value: “xxxxxxxxxxxxxx”
- name: GF_AUTH_GENERIC_OAUTH_AUTH_URL
value: “https//keycloak:8443/auth/realms/flo/protocol/openid-connect/auth”
- name: GF_AUTH_GENERIC_OAUTH_TOKEN_URL
value: “https//keycloak:8443/auth/realms/flo/protocol/openid-connect/token”
- name: GF_AUTH_GENERIC_OAUTH_API_URL
value: “https//keycloak:8443/auth/realms/flo/protocol/openid-connect/userinfo”
- name: GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH
value: “contains(roles[], ‘admin’) && ‘Admin’ || contains(roles[], ‘editor’) && ‘Editor’ || ‘Viewer’”
- name: GF_AUTH_GENERIC_OAUTH_SCOPES
value: “user:email,read:org”
- name: GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_NAME
value: “email:primary”
- name: GF_LOG_FILTERS
value: “auth:debug”
- name: GF_DEFAULT_APP_MODE
value: “development”
- name: GF_DEFAULT_INSTANCE_NAME
value: “grafana.local”

Can you give some advice on what can be the issue?

Thank you,
Florin

flodumi · November 20, 2020, 3:33pm

Investigating more looks like keycloak is not redirecting to grafana:

http://grafana.local:32111/realms/flo/login-actions/authenticate?client_id=flo&execution=16d99e7e-6819-49a5-88ac-1abf0a582160&session_code=63kfj9HOHnisr1XVrdTJJ67XuPze-0g0T-HxFEsxmDo&tab_id=FlpRiYACnVc

This is where I get the 404 Error.

mila271143 · January 11, 2021, 9:39am

Hi, did you have found a solution for that issue?
Same problem