Auth: Add tls_client_cert to OAuth section in defaults.ini. #64746 (#68228)

* Auth: Add tls_client_cert to defaults.ini #64746 Signed-off-by: junya koyama <arukiidou@yahoo.co.jp> * Auth: Add tls_client_cert to docs #64746 Signed-off-by: junya koyama <arukiidou@yahoo.co.jp> * Auth: Add more `tls_client_cert` for docs Signed-off-by: junya koyama <arukiidou@yahoo.co.jp> * Update docs/sources/setup-grafana/configure-security/configure-authentication/gitlab/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Revert "Update docs/sources/setup-grafana/configure-security/configure-authentication/gitlab/index.md" This reverts commit f4f1fda7526bf4af05507bc0dc26e808687514eb. Signed-off-by: junya koyama <arukiidou@yahoo.co.jp> --------- Signed-off-by: junya koyama <arukiidou@yahoo.co.jp> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
2025-02-25 18:55:37 -06:00 · 2023-05-26 21:15:19 +09:00
parent 283c1c7dbe
commit d208bf3345
3 changed files with 32 additions and 0 deletions
--- a/docs/sources/setup-grafana/configure-security/configure-authentication/gitlab/index.md
+++ b/docs/sources/setup-grafana/configure-security/configure-authentication/gitlab/index.md
@@ -62,6 +62,9 @@ role_attribute_path =
 role_attribute_strict = false
 allow_assign_grafana_admin = false
 tls_skip_verify_insecure = false
+tls_client_cert =
+tls_client_key =
+tls_client_ca =
 ```

 You may have to set the `root_url` option of `[server]` for the callback URL to be
@@ -82,6 +85,14 @@ to login on your Grafana instance.
 You can limit access to only members of a given group or list of
 groups by setting the `allowed_groups` option.

+You can also specify the SSL/TLS configuration used by the client.
+
+- Set `tls_client_cert` to the path of the certificate.
+- Set `tls_client_key` to the path containing the key.
+- Set `tls_client_ca` to the path containing a trusted certificate authority list.
+
+`tls_skip_verify_insecure` controls whether a client verifies the server's certificate chain and host name. If it is true, then SSL/TLS accepts any certificate presented by the server and any host name in that certificate. _You should only use this for testing_, because this mode leaves SSL/TLS susceptible to man-in-the-middle attacks.
+
 ### Configure refresh token

 > Available in Grafana v9.3 and later versions.
@@ -142,6 +153,9 @@ role_attribute_path = is_admin && 'Admin' || 'Viewer'
 role_attribute_strict = true
 allow_assign_grafana_admin = false
 tls_skip_verify_insecure = false
+tls_client_cert =
+tls_client_key =
+tls_client_ca =
 ```

 ### Configure automatic login