Using Casdoor for authentication in Grafana
Grafana supports authentication via Oauth. Therefore it is extremely easy for users to use casdoor to log in in Grafana. Only several steps and simple configurations can achieve that.
Here is a tutorial to use Casdoor for authentication in Grafana. Before you proceed, please ensure that you have grafana installed and running.
Step 1 Create an app for Grafana in Casdoor
Here is an example of creating an app in Casdoor
Please copy the client secret and client id for the next step.
Please add the callback url of Grafana. By default, Grafana's oauth callback is
/login/generic_oauth. So please concatenate this url correctly.
Step 2: Modify the configuration of Grafana
By default the configuration file for oauth locates at
conf/defaults.ini in the workdir of Grafana.
Please find the section
auth.generic_oauth and modify the following field:
name = Casdoor
icon = signin
enabled = true
allow_sign_up = true
client_id = <client id in previous step>
client_secret = <client secret in previous step>
auth_url = <endpoint of casdoor>/login/oauth/authorize
token_url = <endpoint of casdoor>/api/login/oauth/access_token
If you don't want HTTPS enabled for casdoor or if you deploy grafana without HTTPS enabled, please also set
tls_skip_verify_insecure = true
About redirectURI after Sign In With Casdoor
If the redirect uri is not right after Sign In with Casdoor in Grafana, you may want to configure root_url
http_port = 3000
# The public facing domain name used to access grafana from a browser
domain = <your ip here>
# The full public facing url
root_url = %(protocol)s://%(domain)s:%(http_port)s/
About Role Mappping:
You may want to configure role_attribute_path to map your user's role to Grafana via role_attribute_path
role_attribute_path = contains(roles[*].name, 'admin') && 'Admin' || contains(roles[*].name, 'editor') && 'Editor' || 'Viewer'
role_attribute_strict = true
allow_assign_grafana_admin = true
the JMESPath expression after role_attribute_path is very important here. read grafana doc please
Step3: See whether it works
Shutdown grafana and restart it.
Go to see the login page, you are supposed to see something like this