I’ve been trying today to integrate Grafana with IdentityServer4 without much luck. So far I have been able to verify my credentials in IdentityServer and obtain an authentication code, which Grafana is swapping for a valid access/ID token pair.
This is where things start to go wrong!
Identity server returns its details back using its own namespace definition, so all attributes start with http://schemas.xmlsoap.org/ws/2005/05/identity/claims/ and Grafana fails to consume any of the returned info - and sign-in fails as a valid email address can’t be obtained!
I used the JMESPath Tutorial to build out a valid email_attribute_path, which works in the tutorial test tools but, when applied to the Grafana config, fails to work with the following error message:
lvl=eror msg="Failed to search JSON for attribute" logger=oauth.generic_oauth error="failed to search user info JSON response with provided path: "…ws/2005/05/identity/claims/emailaddress": SyntaxError: Unknown char: '/'"
My grafana.ini auth config is:
enabled = true
allow_sign_up = false
name = IDS
client_id = ********
client_secret = ************
scopes = hub openid profile email
email_attribute_path = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
auth_url = https://localhost:4431/connect/authorize
token_url = http://host.docker.internal:5001/connect/token
api_url = http://host.docker.internal:5001/connect/userinfo
Any ideas or thoughts for what I can try next?