-
What Grafana version and what operating system are you using?
I am using Linux VM on azure and grafana v9.5.5 on docker -
What are you trying to achieve?
I am trying to authenticate Grafana with keycloak AD. -
How are you trying to achieve it?
I am integrating (configuring) keycloak with grafana I have done the configuration like you can see these configuration
#################################### Generic OAuth ##########################
[auth.generic_oauth]
enabled = true
name = Keycloak-OAuth
allow_sign_up = true
;auto_login = false
client_id = grafana-oauth
client_secret = edY0A21uYADOlm9Tm6w8ThsWwZMSIOHR
scopes = openid email profile offline_access roles
;empty_scopes = false
;email_attribute_name = email:primary
email_attribute_path = email
login_attribute_path = username
name_attribute_path = full_name
;id_token_attribute_name =
auth_url = https://keycloak.mynew.com:8443/realms/AD/protocol/openid-connect/auth
token_url = https://keycloak.mynew.com:8443/realms/AD/protocol/openid-connect/token
api_url = https://keycloak.mynew.com:8443/realms/AD/protocol/openid-connect/userinfo
;teams_url =
;allowed_domains =
;team_ids =
;allowed_organizations =
role_attribute_path = contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'
;role_attribute_strict = false
groups_attribute_path = groups
;team_ids_attribute_path =
;tls_skip_verify_insecure = false
;tls_client_cert =
;tls_client_key =
;tls_client_ca =
;use_pkce = false
;auth_style =
allow_assign_grafana_admin = true
- What happened?
after clicking on “Sign in with keycloak-OAuth”
getting this error in keycloak container logs
2023-08-06 07:48:04,029 WARN [org.keycloak.events] (executor-thread-242) type=LOGIN_ERROR, realmId=323fec05-a250-4497-84f7-95fa2654b97e, clientId=grafana-oauth, userId=null, ipAddress=172.190.104.173, error=invalid_redirect_uri, redirect_uri=grafana.mynew.com:7443/login/generic_oauth
-
What did you expect to happen?
It should open the login page on keycloak. -
Can you copy/paste the configuration(s) that you are having problems with?
Yes, I have pasted the grafana cong above -
Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.
Here are the grafana logs
logger=context userId=0 orgId=0 uname= t=2023-08-06T07:57:24.171323458Z level=info msg="Request Completed" method=GET path=/login/generic_oauth status=302 remote_addr=172.190.104.173 time_ms=0 duration=643.113µs size=315 referer=https://grafana.mynew.com:7443/login handler=/login/:name -
Did you follow any online instructions? If so, what is the URL?
Configure Keycloak OAuth2 authentication | Grafana documentation
