We are using our own idp (Identity Server 4 which supports oidc and oauth2) as external login with grafana. We defined our settings according to the documentation here:
auth_generic
When I check the idp request with fiddler I see something like the above. This is basically the first request within the oauth2 flow.
GET /connect/authorize?access_type=online&client_id=[xxx]&redirect_uri=https%3A%2F%2F[xxx]%2Flogin%2Fgeneric_oauth&response_type=authorization_code&scope=openid&state=rAI89cdttILkMSKbiGku0FeF8eywoP2xxAMnMbgIY6U0o%3D HTTP/1.1
From the request url you can see that it never tries to reach the external idp; otherwise there would be the host name for the external idp. It stays on the same server, which is simply wrong. In the configuration we define the auth_url, auth_url and api_url containing the full url for the external idp. (The urls are basically copied from the Identity Server discovery endpoint)
When we copy the GET request from above into the browser and add the idp host in front, we're landing on the external idp displaying the login form. That is actually what we would expect to happen.
So what do we have to configure to tell grafana to send the request to an external idp? Apparently we are missing something here.