Hi Team
Pleasure to be part of the Grafana community! I need assistance configuring Grafana to use OKTA authentication on a Linux Ubuntu 22 VM.
I have followed the documentation and configured the grafana.ini file as instructed, but I am encountering the following error:
“Unable to receive token from provider.”
I tried increasing the token timeout and even disabling it, but the issue persists.
Grafana Version:
Version 11.3.0+security-01
Config:-
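######################## Okta OAuth
# Okta OAuth2/OIDC login for Grafana.
# Keys are written in the underscore-separated form Grafana documents
# (client_id, auth_url, token_url, ...). A key spelled without its
# underscores is not one Grafana reads, so that setting would not take effect.
[auth.okta]
name = Okta
enabled = true
# With sign-up allowed, a first successful Okta login creates the Grafana
# account, so who may log in is decided by the Okta app assignment and the
# allowed_domains / allowed_groups filters below.
allow_sign_up = true
client_id = 0oaien09bo0CRy#####
# Confidential value. Even partly masked, a secret that has been pasted into a
# public post should be treated as exposed and rotated in Okta. Grafana can
# read it from the environment or a file ($__env{...} / $__file{...}) instead
# of keeping it in grafana.ini.
client_secret = wEhC9UJnwEhpM3PC6bYdaJnoZNnC6oR1Lhzu################
# NOTE(review): use_refresh_token below normally needs the offline_access
# scope (and the refresh-token grant enabled on the Okta app) - confirm.
scopes = openid profile email
email_attribute_name = email:primary
# All three endpoints must belong to the same Okta authorization server and
# contain no whitespace. token_url is called by the Grafana server itself
# (code-for-token exchange), so it must be reachable from this VM over HTTPS:
# an outbound proxy, firewall rule or untrusted CA can break this step while
# the browser redirect to auth_url still works.
auth_url = <my okta URL + /authorize>
token_url = <my okta URL + /token>
api_url = <my okta URL + /userinfo>
signout_redirect_url =
# NOTE(review): "*" is not a documented wildcard for allowed_domains or
# allowed_groups as far as I can tell; an empty value is the documented way
# to apply no restriction. Prefer listing the real domains/groups - confirm.
allowed_domains = *
# NOTE(review): redirect_uri does not appear among the documented
# [auth.okta] keys; Grafana derives the callback from [server] root_url plus
# login/okta. That exact URL must be registered as a sign-in redirect URI in
# the Okta application - confirm.
redirect_uri = https://cxo-esops-grafana-prod-vm01.cxo.storage.hpecorp.net/login/okta
allowed_groups = *
# NOTE(review): strict mode denies login when no role can be derived, and no
# role_attribute_path is set in this section; check how that interacts with
# skip_org_role_sync = true.
role_attribute_strict = true
skip_org_role_sync = true
use_pkce = true
use_refresh_token = true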
######################## Server
# Public base URL of this Grafana instance.
# NOTE(review): the OAuth callback is presumably built from this value
# (root_url + login/okta), so scheme, host and trailing slash should match the
# redirect URI registered in the identity provider - confirm.
[server]
root_url = https://cxo-esops-grafana-prod-vm01.cxo.storage.hpecorp.net/
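################################
# Rotation interval, in minutes, of Grafana's own login-session token.
# This is separate from the OAuth tokens issued by Okta: changing it affects
# how often an established Grafana session is re-issued, not the
# code-for-token exchange with the provider.
[auth]
token_rotation_interval_minutes = 15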
# Feature toggles, first variant tried.
# NOTE(review): `enable` expects a list of toggle names; "true" is not a
# toggle name, so this line most likely has no useful effect - confirm.
# A single toggle can be set on its own line as name = true/false, which is
# what the clientTokenRotation line does.
[feature_toggles]
enable = true
clientTokenRotation=false
;feature1 = true
;feature2 = false
####################### And this too
# Feature toggles, second variant tried. A [feature_toggles] header should
# appear only once in grafana.ini; keep one variant, not both.
# NOTE(review): `enable` lists clientTokenRotation while the next line sets
# the same toggle to false. Which of the two wins is not visible here, so keep
# only the line that states the intended value - confirm.
[feature_toggles]
enable = clientTokenRotation
clientTokenRotation=false
;feature1 = true
;feature2 = false
Logs:-
ll of teams:read, any of teams:write, teams.permissions:write, teams.permissions:read)"
logger=accesscontrol t=2024-11-24T10:48:34.896110679-07:00 level=debug msg=“No permissions set” id=:0 orgID=0 permissions=“any(serviceaccounts:read serviceaccounts:create)”
logger=accesscontrol t=2024-11-24T10:48:34.896374322-07:00 level=debug msg=“No permissions set” id=:0 orgID=0 permissions=“action:apikeys:read scopes:”
logger=accesscontrol t=2024-11-24T10:48:34.896419567-07:00 level=debug msg=“No permissions set” id=:0 orgID=0 permissions=“any(settings:read settings:write settings:read settings:write settings:read settings:write settings:read settings:write settings:read settings:write settings:read settings:write)”
logger=accesscontrol t=2024-11-24T10:48:34.896441022-07:00 level=debug msg=“No permissions set” id=:0 orgID=0 permissions=“any(support.bundles:read support.bundles:create)”
logger=accesscontrol t=2024-11-24T10:48:34.896651299-07:00 level=debug msg=“No permissions set” id=:0 orgID=0 permissions=“any(dashboards:create folders:create)”
logger=ngalert.scheduler t=2024-11-24T10:48:40.001477473-07:00 level=debug msg=“Alert rules fetched” rulesCount=0 foldersCount=0 updatedRules=0
logger=authn.service t=2024-11-24T10:48:44.62948088-07:00 level=debug msg=“Failed to authenticate request” client=auth.client.session error=“[session.token.rotate] token needs to be rotated”
logger=context userId=0 orgId=0 uname= t=2024-11-24T10:48:44.629773714-07:00 level=info msg=“Request Completed” method=GET path=/dashboards/api/live/ws status=302 remote_addr=10.157.254.81 time_ms=1 duration=1.827054ms size=47 referer= handler=/dashboards/* status_source=server
logger=authn.service t=2024-11-24T10:48:48.238048502-07:00 level=debug msg=“Failed to authenticate request” client=auth.client.session error=“[session.token.rotate] token needs to be rotated”
logger=context userId=0 orgId=0 uname= t=2024-11-24T10:48:48.238206447-07:00 level=info msg=“Request Completed” method=GET path=/dashboards/api/live/ws status=302 remote_addr=10.157.254.81 time_ms=1 duration=1.060872ms size=47 referer= handler=/dashboards/* status_source=server
logger=ngalert.scheduler t=2024-11-24T10:48:50.00214898-07:00 level=debug msg=“Alert rules fetched” rulesCount=0 foldersCount=0 updatedRules=0
logger=authn.service t=2024-11-24T10:48:53.063609158-07:00 level=debug msg=“Failed to authenticate request” client=auth.client.session error=“[session.token.rotate] token needs to be rotated”
logger=context userId=0 orgId=0 uname= t=2024-11-24T10:48:53.063739171-07:00 level=info msg=“Request Completed” method=GET path=/dashboards/api/live/ws status=302 remote_addr=10.157.254.81 time_ms=0 duration=739.14µs size=47 referer= handler=/dashboards/* status_source=server