grafana/devenv/docker/blocks/jwt_proxy
Jguer b79b53cbdb JWT: Add JWT proxy setup devenv (#51731)
* JWT: Add JWT Auth devenv

* Auth: JWT allow retrieving login token

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>

* JWT: Add JWT Auth Proxy devenv

* JWT: Add instructions to readme

* JWT: Add JWT users

* JWT: Remove oauth users

* revert session changes, unnecessary

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
2022-07-07 10:28:04 -04:00

OAUTH BLOCK

Devenv setup jwt auth

To launch the block, use the jwt_proxy source. Ex:

make devenv sources="jwt_proxy"

Here is the conf you need to add to your configuration file (conf/custom.ini):

[auth]
signout_redirect_url = http://127.0.0.1:8088/oauth2/sign_out

[auth.jwt]
enabled = true
enable_login_token = true
header_name = X-Forwarded-Access-Token
username_claim = login
email_claim = email
jwk_set_file = devenv/docker/blocks/oauth/jwks.json
cache_ttl = 60m
expected_claims = {"iss": "http://localhost:8087/auth/realms/grafana", "azp": "grafana-oauth"}
auto_sign_up = true

Access Grafana through:

http://127.0.0.1:8088
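
When a login through the proxy is rejected, a common first check is whether the forwarded token's payload matches the `expected_claims`, `username_claim` and `email_claim` settings above. The Python below is an added example, not code from the Grafana repository; it compares claims only (no signature or expiry verification), and `check_claims`, `make_sample` and the sample token are constructed for illustration.

```python
import base64
import configparser
import json

# [auth.jwt] values copied from the configuration above.
CUSTOM_INI = """
[auth.jwt]
username_claim = login
email_claim = email
expected_claims = {"iss": "http://localhost:8087/auth/realms/grafana", "azp": "grafana-oauth"}
"""


def check_claims(token, ini_text=CUSTOM_INI):
    """List [auth.jwt] mismatches in a JWT payload; signature/exp/nbf are NOT checked."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    jwt_cfg = cfg["auth.jwt"]
    parts = token.split(".")
    if len(parts) != 3:
        return ["token is not a three-part compact JWS"]
    try:
        padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["payload is not base64url-encoded JSON"]
    if not isinstance(claims, dict):
        return ["payload is not a JSON object"]
    problems = []
    for name, want in json.loads(jwt_cfg["expected_claims"]).items():
        if claims.get(name) != want:
            problems.append(f"{name}: expected {want!r}, got {claims.get(name)!r}")
    for key in ("username_claim", "email_claim"):
        if not claims.get(jwt_cfg[key]):
            problems.append(f"{key} '{jwt_cfg[key]}' is missing from the token")
    return problems


def make_sample(payload):
    """Build a constructed, unsigned sample token (the signature part is a dummy)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(payload), "c2ln"])


if __name__ == "__main__":
    sample = {"iss": "http://127.0.0.1:8087/auth/realms/grafana", "azp": "grafana-oauth",
              "login": "jwt-viewer", "email": "jwt-viewer@example.com"}
    print(check_claims(make_sample(sample)))  # iss differs: 127.0.0.1 vs localhost
```
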

Backing up keycloak DB

In case you want to make changes to the devenv setup, you can dump Keycloak's DB:

cd devenv;
docker-compose exec -T oauthkeycloakdb bash -c "pg_dump -U keycloak keycloak" > docker/blocks/oauth/cloak.sql

Connecting to Keycloak:

  • keycloak admin: http://localhost:8087
  • keycloak admin login: admin:admin
  • grafana jwt viewer login: jwt-viewer:grafana
  • grafana jwt editor login: jwt-editor:grafana
  • grafana jwt admin login: jwt-admin:grafana

Troubleshooting

Mac M1 Users

The latest Keycloak Docker image does not build for the new arm64 architecture. See https://github.com/docker/for-mac/issues/5310 to check whether the issue has been resolved. Until then, you need to build the Docker image locally and then run devenv.

  1. Remove any lingering Keycloak image
$ docker rmi $(docker images | grep 'keycloack' | awk '{print $3}')
  2. Build the Keycloak image locally
$ ./docker-build-keycloack-m1-image.sh
  3. Start from the beginning of this readme