Grafana

Grafana supports generic OAuth. Use Casdoor as the IdP so users sign in to Grafana with their Casdoor accounts. Ensure Grafana is installed and running.

Step 1: Create a Casdoor application for Grafana

Create an application in Casdoor and add Grafana’s callback URL. Grafana's default OAuth callback path is /login/generic_oauth, so the full redirect URL is https://<grafana-host>/login/generic_oauth. Copy the Client ID and Client Secret.

Step 2: Configure Grafana

Edit the Grafana config (e.g. conf/defaults.ini or your custom config). Find or add [auth.generic_oauth] and set:

[auth.generic_oauth]
name = Casdoor
icon = signin
enabled = true
allow_sign_up = true
client_id = <client ID from previous step>
client_secret = <client secret from previous step>
auth_url = <Casdoor endpoint>/login/oauth/authorize
token_url = <Casdoor endpoint>/api/login/oauth/access_token

HTTPS

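If Casdoor or Grafana is not using HTTPS, set tls_skip_verify_insecure = true. With this setting Grafana accepts any certificate the OAuth provider presents, so keep it to test setups and leave it unset once both sides serve valid HTTPS.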

Redirect after sign-in

If the post-login redirect is wrong, set root_url in [server]:

[server]
http_port = 3000
# The public-facing domain name used to access Grafana from a browser
domain = <your IP here>
# The full public-facing URL
root_url = %(protocol)s://%(domain)s:%(http_port)s/

Related links:

  1. Grafana documentation

  2. Grafana defaults.ini

About role mapping

You may want to configure role_attribute_path to map your users' roles to Grafana roles.

[auth.generic_oauth]
role_attribute_path = contains(roles[*].name, 'admin') && 'Admin' || contains(roles[*].name, 'editor') && 'Editor' || 'Viewer'
role_attribute_strict = true
allow_assign_grafana_admin = true

The JMESPath expression assigned to role_attribute_path decides which Grafana role each user receives; see the Grafana docs.
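A pre-deployment check for the settings covered in the HTTPS and role mapping sections, as an added example that is not part of Casdoor or Grafana. The sample config is constructed, casdoor.example.com and the credentials are placeholders, and the finding codes are hypothetical names.

```python
import configparser

# Constructed sample: the page's settings with placeholder hosts and credentials.
SAMPLE_INI = """
[server]
root_url = %(protocol)s://%(domain)s:%(http_port)s/

[auth.generic_oauth]
enabled = true
client_id = placeholder-client-id
client_secret = placeholder-client-secret
auth_url = http://casdoor.example.com/login/oauth/authorize
token_url = http://casdoor.example.com/api/login/oauth/access_token
tls_skip_verify_insecure = true
role_attribute_path = contains(roles[*].name, 'admin') && 'Admin' || 'Viewer'
allow_assign_grafana_admin = true
"""

def audit_generic_oauth(ini_text):
    """Return finding codes (hypothetical names) for [auth.generic_oauth]."""
    # interpolation=None keeps Grafana's %(protocol)s placeholders literal.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    if not cfg.has_section("auth.generic_oauth"):
        return ["no-generic-oauth-section"]
    sec = cfg["auth.generic_oauth"]

    def is_true(key):
        return sec.get(key, "false").strip().lower() == "true"

    findings = []
    # Credentials, tokens and the client secret cross these endpoints.
    for key in ("auth_url", "token_url"):
        if not sec.get(key, "").strip().lower().startswith("https://"):
            findings.append(key + "-not-https")
    # Certificate checks are off, so the provider's identity is not verified.
    if is_true("tls_skip_verify_insecure"):
        findings.append("tls-verification-disabled")
    # A role expression without strict mode does not reject unmapped logins.
    if sec.get("role_attribute_path") and not is_true("role_attribute_strict"):
        findings.append("role-mapping-not-strict")
    # The provider's role claim then decides Grafana server admin status.
    if is_true("allow_assign_grafana_admin"):
        findings.append("idp-controls-server-admin")
    return findings

if __name__ == "__main__":
    for finding in audit_generic_oauth(SAMPLE_INI):
        print(finding)
```

Run it against the merged config you deploy, and treat each finding as an item to justify or fix before exposing the login page.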

Step 3: Verify that it works

Shut down Grafana and restart it.

Go to the login page. You should see something like this:

Final result