Grafana
在 Grafana 中使用 Casdoor 进行身份验证
Grafana 支持通过 Oauth 进行认证。 因此,用户在Grafana上登录变得非常容易。 只有几个步骤和简单的配置就能做到这一点。
这是一个使用 Grafana 的 Cassdoor 进行身份验证的教程。 在您继续之前,请确保您已安装 grafana 并正在运行。
Step 1 Create an app for Grafana in Casdoor
这是一个在 Casdoor 中创建应用程序的示例
请复制 client secret 和 client ID以便下一步操作 。
Please add the callback url of Grafana. By default, Grafana's oauth callback is /login/generic_oauth
. 所以请正确地拼接这个 url 。
Step 2: Modify the configuration of Grafana
By default the configuration file for oauth locates at conf/defaults.ini
in the workdir of Grafana.
请找到 auth.generic_oauth
并修改以下字段:
[auth.generic_oauth]
name = Casdoor
icon = signin
enabled = true
allow_sign_up = true
client_id = <client id in previous step>
client_secret = <client secret in previous step>
auth_url = <endpoint of casdoor>/login/oauth/authorize
token_url = <endpoint of casdoor>/api/login/oauth/access_token
About HTTPS
If you don't want HTTPS enabled for casdoor or if you deploy grafana without HTTPS enabled, please also set tls_skip_verify_insecure = true
About redirectURI after Sign In With Casdoor
If the redirect uri is not right after Sign In with Casdoor in Grafana, you may want to configure root_url
[server]
http_port = 3000
# The public facing domain name used to access grafana from a browser
domain = <your ip here>
# The full public facing url
root_url = %(protocol)s://%(domain)s:%(http_port)s/
related links:
About Role Mappping:
You may want to configure role_attribute_path to map your user's role to Grafana via role_attribute_path
[auth.generic_oauth]
role_attribute_path = contains(roles[*].name, 'admin') && 'Admin' || contains(roles[*].name, 'editor') && 'Editor' || 'Viewer'
role_attribute_strict = true
allow_assign_grafana_admin = true
the JMESPath expression after role_attribute_path is very important here. read grafana doc please
第3步:查看它是否正常运作。
Shutdown grafana and restart it.
Go to see the login page, you are supposed to see something like this