I have enabled [auth.generic_oauth] section in grafana.ini in order to login grafana gui from keycloak. After integration, I am able to login in grafana ui using keycloak authentication.
Now for other requirement, I need to call Grafana alert manager’s alerting APIs from backend code (for testing purpose, as of now I am using curl). After integration with keycloak (as mentioned above with auth.generic_oauth), API calls for service account creation and service token are failed.
In order to make it work, I have enabled auth.proxy in grafana.ini as below -
[auth.proxy]
enabled = true
header_name = X-Authenticated-User
header_property = username
auto_sign_up = true
sync_ttl = 15
whitelist = some_ipv4_ip
headers =
headers_encoded = false
enable_login_token = true
So what does this setting means in grafan.ini, Does grafana act as auth proxy server if yes, then how authentication happening with this setting as there is no option to provide the credentials.
If Grafana doesn’t act as auth proxy server and some external auth proxy server required then how it would be provided in the setting. If possible provide some examples.
Thanks,
Gaurav