
Grafana

Using Casdoor for authentication in Grafana

Grafana supports authentication via OAuth, so users can log in to Grafana with Casdoor after a few steps and some simple configuration.

This tutorial shows how to use Casdoor for authentication in Grafana. Before you proceed, make sure Grafana is installed and running.

Step 1: Create an app for Grafana in Casdoor

Here is an example of creating an app in Casdoor

Copy the client ID and client secret for the next step.

Add Grafana's callback URL to the app. By default, Grafana's OAuth callback path is /login/generic_oauth, so append this path to the URL at which Grafana is reached.

Step 2: Modify the configuration of Grafana

By default, the configuration file for OAuth is located at conf/defaults.ini in Grafana's working directory.

Find the section auth.generic_oauth and modify the following fields:

[auth.generic_oauth]
name = Casdoor
icon = signin
enabled = true
allow_sign_up = true
client_id = <client id in previous step>
client_secret = <client secret in previous step>
auth_url = <endpoint of casdoor>/login/oauth/authorize
token_url = <endpoint of casdoor>/api/login/oauth/access_token

About HTTPS

If you don't want HTTPS enabled for Casdoor, or if you deploy Grafana without HTTPS enabled, also set tls_skip_verify_insecure = true. With this setting, Grafana does not verify the TLS certificate presented by Casdoor.

About the redirect URI after Sign In With Casdoor

If the redirect URI is wrong after signing in with Casdoor in Grafana, you may need to configure root_url:

[server]
http_port = 3000
# The public facing domain name used to access grafana from a browser
domain = <your ip here>
# The full public facing url
root_url = %(protocol)s://%(domain)s:%(http_port)s/

Related links:

  1. Grafana doc

  2. Grafana defaults.ini
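
The following added example (not from the Casdoor or Grafana documentation) parses a constructed Grafana configuration, derives the callback URL to register in Casdoor from root_url, and flags the plaintext and certificate-skipping settings discussed above. The hostnames and the helper names load, callback_url and findings are assumptions made for illustration; Python's configparser is used because it expands the same %(name)s references that root_url contains.

```python
import configparser
from urllib.parse import urljoin, urlsplit

# Constructed sample: hostnames are placeholders, not from a real deployment.
SAMPLE_INI = """
[server]
protocol = http
http_port = 3000
domain = grafana.example.test
root_url = %(protocol)s://%(domain)s:%(http_port)s/

[auth.generic_oauth]
auth_url = http://casdoor.example.test:8000/login/oauth/authorize
token_url = http://casdoor.example.test:8000/api/login/oauth/access_token
tls_skip_verify_insecure = true
"""

CALLBACK_PATH = "login/generic_oauth"  # Grafana's default OAuth callback path


def load(ini_text):
    cfg = configparser.ConfigParser()  # expands %(name)s references
    cfg.read_string(ini_text)
    return cfg


def callback_url(cfg):
    """Redirect URL to register in the Casdoor application."""
    root = cfg.get("server", "root_url")
    return urljoin(root if root.endswith("/") else root + "/", CALLBACK_PATH)


def findings(cfg):
    """Return transport-security findings for the OAuth login flow."""
    out = []
    oauth = cfg["auth.generic_oauth"]
    if oauth.getboolean("tls_skip_verify_insecure", fallback=False):
        out.append("tls_skip_verify_insecure=true: Casdoor certificate is not verified")
    for key in ("auth_url", "token_url"):
        if urlsplit(oauth.get(key, "")).scheme != "https":
            out.append(f"{key} is not https")
    if urlsplit(callback_url(cfg)).scheme != "https":
        out.append("callback URL is not https")
    return out


if __name__ == "__main__":
    print("Register in Casdoor:", callback_url(load(SAMPLE_INI)))
    print("\n".join(findings(load(SAMPLE_INI))))
```
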

About Role Mapping

You may want to configure role_attribute_path to map your users' roles to Grafana roles:

[auth.generic_oauth]
role_attribute_path = contains(roles[*].name, 'admin') && 'Admin' || contains(roles[*].name, 'editor') && 'Editor' || 'Viewer'
role_attribute_strict = true
allow_assign_grafana_admin = true

The JMESPath expression after role_attribute_path is very important here. Please read the Grafana doc.

Step 3: See whether it works

Shut down Grafana and restart it.

Go to the login page; you should see something like this: