Auth: lock down Grafana admin sync for SAML (#72828)

lock down Grafana admin sync for SAML
Ieva 2023-08-03 17:02:40 +01:00 committed by GitHub
parent 5d99fdeb46
commit 3a2538c2ca
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 2 deletions


@ -125,6 +125,8 @@ func IsGrafanaAdminExternallySynced(cfg *setting.Cfg, authModule string, oAuthAn
switch authModule { switch authModule {
case JWTModule: case JWTModule:
return cfg.JWTAuthAllowAssignGrafanaAdmin return cfg.JWTAuthAllowAssignGrafanaAdmin
case SAMLAuthModule:
return cfg.SAMLRoleValuesGrafanaAdmin != ""
case LDAPAuthModule: case LDAPAuthModule:
return true return true
default: default:
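Review bot: The new `case SAMLAuthModule` decides whether a SAML user's Grafana Admin flag counts as owned by the IdP (and so, presumably, is locked against manual changes) from nothing more than `cfg.SAMLRoleValuesGrafanaAdmin != ""`, and neither of the two changed files is a test. A table case for `SAMLAuthModule` with an empty and a non-empty `role_values_grafana_admin` would pin the lock-down so that a later refactor of this switch cannot silently reopen it. A short comment above the return would also help, for example `// a configured role_values_grafana_admin means the SAML assertion decides server admin, so the flag is externally synced`. The function begins and ends outside the hunk, so whether `SAMLSkipOrgRoleSync` or the SAML enabled flag is checked before this switch cannot be confirmed from here.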


@ -519,6 +519,7 @@ type Cfg struct {
// SAML Auth // SAML Auth
SAMLAuthEnabled bool SAMLAuthEnabled bool
SAMLSkipOrgRoleSync bool SAMLSkipOrgRoleSync bool
SAMLRoleValuesGrafanaAdmin string
// Okta OAuth // Okta OAuth
OktaAuthEnabled bool OktaAuthEnabled bool
@ -1265,6 +1266,7 @@ func (cfg *Cfg) readSAMLConfig() {
samlSec := cfg.Raw.Section("auth.saml") samlSec := cfg.Raw.Section("auth.saml")
cfg.SAMLAuthEnabled = samlSec.Key("enabled").MustBool(false) cfg.SAMLAuthEnabled = samlSec.Key("enabled").MustBool(false)
cfg.SAMLSkipOrgRoleSync = samlSec.Key("skip_org_role_sync").MustBool(false) cfg.SAMLSkipOrgRoleSync = samlSec.Key("skip_org_role_sync").MustBool(false)
cfg.SAMLRoleValuesGrafanaAdmin = samlSec.Key("role_values_grafana_admin").MustString("")
} }
func (cfg *Cfg) readLDAPConfig() { func (cfg *Cfg) readLDAPConfig() {
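Review bot: `role_values_grafana_admin` is stored verbatim by `samlSec.Key("role_values_grafana_admin").MustString("")` in `readSAMLConfig`, while the only consumer in this commit compares the field against `""`. If the ini layer hands back a whitespace-only value (for instance from a quoted setting), admin sync would count as enabled although no role value can match. Normalising at read time avoids that: `cfg.SAMLRoleValuesGrafanaAdmin = strings.TrimSpace(samlSec.Key("role_values_grafana_admin").MustString(""))`, assuming `strings` is already imported in this file, which the hunk does not show. A one-line comment on the new struct field, saying that a non-empty value switches on the Grafana admin lock for SAML users, would make the coupling with `IsGrafanaAdminExternallySynced` visible to whoever edits the config reader next.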