Setting SSO for Grafana

I have a web application which has a login page and it returns me lot of reports . To dashboard those data I am using Grafana. I want to integrate SSO between my app and grafana. When user login’s to my web application he should be logged into grafana too. To do this I went through grafana documentation. I didn’t understand much. I tried with google.auth but is not right way for my requirement. It should be possible to login using the credentials which are used to login to my web application. Any work around for this??

You can use an authentication proxy in front of Grafana to let it know that the user should be logged in.

http://docs.grafana.org/tutorials/authproxy/

@dcech
Thanks for your response This is my configuration

[auth.proxy]
enabled = true
header_name = X-WEBAUTH-USER
header_property = username
auto_sign_up = true
ldap_sync_ttl = 60
whitelist =

I am executing

curl -H “X-WEBAUTH-USER: anthony” http://grafana.staged-by-discourse.com/api/user

It creates a user in grafana but user has not logged into grafana.

How can I get rid of this issue??

You are calling the Grafana http API to create new user in this case.

You will have to use a reverse proxy like Apache or NGINX or any other proxy and make the respective configuration in it like this: http://docs.grafana.org/tutorials/authproxy/#apache-basicauth
in order to log the user in Grafana

Is it possible that grafana accepts base64 token in ```
X-WEBAUTH-USER

I'm using kong-oidc openid connect auth plug-in which sends X-userinfo which is base64 encoded  result from userinfo endpoint of the auth provider

Hi Team mahadev,

Did this SSO setting sucessfully done?

We have a use care to enable SSO now in Grafana which has LDAP configured. It would be helpful if someone help on step by step.

Angel

Thanks ,
I am able to configure SSO between my application and Grafana using Apache and Ldap.

Mahadev

Thanks mahadev. Happy to hear from you.

We have LB as NGINX . So can you help us with configuration details to achieve it?

Have you configured LDAP to Grafana prior using SSO?

Angel

Hi @hemuangel17
This might help you for nginx proxy implementation,

Hi, and is it possible hide standard auth-dialog box of Apache? I think that - because of the RequestHeader unset Authorization directive - this is not possible.

Anyone can provide step by step tutorial on setting up reverse proxy using nginx for grafana in window?

still not solve in my laravel apps. I already set in “grafana.ini” :

[auth.proxy]
enabled = true
header_name = X-WEBAUTH-USER
header_property = username
auto_sign_up = false
ldap_sync_ttl = 60

I execute in my controller to redirect dashboard like this.
return redirect()->away(‘https://community.grafana.com/dashboards’, 302,[‘X-WEBAUTH-USER’, $req->session()->get(‘dataLogged’)[‘username’]]);

can you please give me advice to solve that