I have a web application which has a login page and it returns me lot of reports . To dashboard those data I am using Grafana. I want to integrate SSO between my app and grafana. When user login’s to my web application he should be logged into grafana too. To do this I went through grafana documentation. I didn’t understand much. I tried with google.auth but is not right way for my requirement. It should be possible to login using the credentials which are used to login to my web application. Any work around for this??
You can use an authentication proxy in front of Grafana to let it know that the user should be logged in.
Thanks for your response This is my configuration
enabled = true
header_name = X-WEBAUTH-USER
header_property = username
auto_sign_up = true
ldap_sync_ttl = 60
I am executing
curl -H “X-WEBAUTH-USER: anthony” http://localhost:3000/api/user
It creates a user in grafana but user has not logged into grafana.
How can I get rid of this issue??
You are calling the Grafana http API to create new user in this case.
You will have to use a reverse proxy like Apache or NGINX or any other proxy and make the respective configuration in it like this: http://docs.grafana.org/tutorials/authproxy/#apache-basicauth
in order to log the user in Grafana
Is it possible that grafana accepts base64 token in ```
I'm using kong-oidc openid connect auth plug-in which sends X-userinfo which is base64 encoded result from userinfo endpoint of the auth provider
Hi Team mahadev,
Did this SSO setting sucessfully done?
We have a use care to enable SSO now in Grafana which has LDAP configured. It would be helpful if someone help on step by step.
I am able to configure SSO between my application and Grafana using Apache and Ldap.
Thanks mahadev. Happy to hear from you.
We have LB as NGINX . So can you help us with configuration details to achieve it?
Have you configured LDAP to Grafana prior using SSO?
This might help you for nginx proxy implementation,
Hi, and is it possible hide standard auth-dialog box of Apache? I think that - because of the RequestHeader unset Authorization directive - this is not possible.