Auth: lock down Grafana admin sync for SAML (#72828)

lock down Grafana admin sync for SAML
Ieva 2023-08-03 17:02:40 +01:00 committed by GitHub
parent 5d99fdeb46
commit 3a2538c2ca
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 2 deletions


@ -125,6 +125,8 @@ func IsGrafanaAdminExternallySynced(cfg *setting.Cfg, authModule string, oAuthAn
switch authModule {
case JWTModule:
return cfg.JWTAuthAllowAssignGrafanaAdmin
case SAMLAuthModule:
return cfg.SAMLRoleValuesGrafanaAdmin != ""
case LDAPAuthModule:
return true
default:
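Review bot: The new `case SAMLAuthModule` decides the lock purely on `cfg.SAMLRoleValuesGrafanaAdmin != ""`, so a value holding only whitespace or separators would still report the Grafana admin flag as externally synced. If the SAML role mapping (not visible on this page) then finds no usable role values, the flag could not be changed from Grafana and nothing would sync it either. Consider `return strings.TrimSpace(cfg.SAMLRoleValuesGrafanaAdmin) != ""`, or reuse whatever parsing the SAML integration applies to this setting, and add table-test cases for an unset and a set value. The function starts above this hunk and its `default:` branch continues below it.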


@ -517,8 +517,9 @@ type Cfg struct {
SecureSocksDSProxy SecureSocksDSProxySettings
// SAML Auth
SAMLAuthEnabled bool
SAMLSkipOrgRoleSync bool
SAMLAuthEnabled bool
SAMLSkipOrgRoleSync bool
SAMLRoleValuesGrafanaAdmin string
// Okta OAuth
OktaAuthEnabled bool
@ -1265,6 +1266,7 @@ func (cfg *Cfg) readSAMLConfig() {
samlSec := cfg.Raw.Section("auth.saml")
cfg.SAMLAuthEnabled = samlSec.Key("enabled").MustBool(false)
cfg.SAMLSkipOrgRoleSync = samlSec.Key("skip_org_role_sync").MustBool(false)
cfg.SAMLRoleValuesGrafanaAdmin = samlSec.Key("role_values_grafana_admin").MustString("")
}
func (cfg *Cfg) readLDAPConfig() {
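Review bot: The new `SAMLRoleValuesGrafanaAdmin` field in `Cfg` has no comment saying that it is a raw copy of `auth.saml` / `role_values_grafana_admin` and that a non-empty value is what locks manual edits of the Grafana admin flag for SAML users. That is an access-control decision hanging on an undocumented string, so I would add `// SAMLRoleValuesGrafanaAdmin is the raw role_values_grafana_admin setting; non-empty means the Grafana admin flag is managed by SAML and cannot be edited in Grafana.` above the field. The setting is presumably also read by the SAML integration itself, so the comment should point at that reader to keep the two from drifting. `readSAMLConfig` begins above the second hunk.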