I’m trying to get Grafana to authenticate with Okta and I am using the instructions here: hhttps://grafana.com/docs/auth/generic-oauth/#set-up-oauth2-with-okta using the docker image provided by grafana.
The config looks like:
GF_AUTH_BASIC_ENABLED=“True”
GF_AUTH_GENERIC_OAUTH_CLIENT_API_URL="hhttps://company.oktapreview.com/oauth2/v1/userinfo
GF_AUTH_GENERIC_OAUTH_CLIENT_AUTH_URL="hhttps://company.oktapreview.com/oauth2/v1/authorize
GF_AUTH_GENERIC_OAUTH_CLIENT_ID=“MYID”
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=“MYSECRET”
GF_AUTH_GENERIC_OAUTH_CLIENT_TOKEN_URL="hhttps://compnay.oktapreview.com/oauth2/v1/token
GF_AUTH_GENERIC_OAUTH_ENABLED=“True”
GF_AUTH_GENERIC_OAUTH_NAME=“Okta”
GF_AUTH_GENERIC_OAUTH_SCOPES=“openid profile email”
GF_LOG_LEVEL=“debug”
GF_SERVER_DOMAIN=“grafana-dev.company.com”
GF_SERVER_PROTOCOL=“https”
GF_SERVER_ROOT_URL=“hhttps://grafana-dev.company.com/”
When I click on the oauth login the only thing I get in the logs is this:
t=2019-09-13T18:44:31+0000 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/login/generic_oauth status=302 remote_addr=###### time_ms=0 size=261 referer=“hhttps://grafana-dev.company.com/login?access_type=online&client_id=0oandzes8imEguIlG0h7&redirect_uri=https:%2F%2Fgrafana-dev.company.com%2Flogin%2Fgeneric_oauth&response_type=code&scope=openid&state=4zMcHlaSQsV4tI5B7OT5mrc6Fl5wE42dLZcBi_WSpTs%3D”
If I have autologin set to true, it’ll just keep looping over and over until I an error that there were too many redirects.
Checking my cookies I have an oauth_state which is set, and a redirect_to cookie that is set to %252F
I’m not sure how to debug this any further, the okta admin says they see the client hitting the server, and the client isn’t throwing any error messages, it just won’t login.
Is there anything else I can check to debug this issue?
(Note all the hhttps above are intentional as new users can only post 2 links per post and those are being counted)
thanks,
matt
