Grafana - Configure generic OAuth2 authentication

Configure generic OAuth2 authentication

There are numerous authentication methods available in Grafana to verify user identity. The authentication configuration dictates which users can access Grafana and the methods they can use for logging in. You can also configure Grafana to automatically update users’ roles and team memberships in Grafana based on the information returned by the auth provider integration.

When deciding on an authentication method, it’s important to take into account your current identity and access management system as well as the specific authentication and authorization features you require. For a complete list of the available authentication options and the features they support, refer to Configure authentication.

Grafana provides OAuth2 integrations for the following auth providers:

If your OAuth2 provider is not listed, you can use generic OAuth2 authentication.

This topic describes how to configure generic OAuth2 authentication using different methods and includes examples of setting up generic OAuth2 with specific OAuth2 providers.

Before you begin

To follow this guide:

  • Ensure you know how to create an OAuth2 application with your OAuth2 provider. Consult the documentation of your OAuth2 provider for more information.
  • Ensure your identity provider returns OpenID UserInfo-compatible information, such as the sub claim.
  • If you are using refresh tokens, ensure you know how to set them up with your OAuth2 provider. Consult the documentation of your OAuth2 provider for more information.

Configure generic OAuth authentication client using the Grafana UI

Note

Available in Public Preview in Grafana 10.4 behind the ssoSettingsApi feature toggle.

As a Grafana Admin, you can configure the Generic OAuth2 client from within Grafana using the Generic OAuth UI. To do this, navigate to the Administration > Authentication > Generic OAuth page and fill in the form. If you have a current configuration in the Grafana configuration file, the form is pre-populated with those values; otherwise it contains the default values.

After you have filled in the form, click Save to save the configuration. If the save was successful, Grafana will apply the new configurations.

If you need to reset changes you made in the UI back to the default values, click Reset. After you have reset the changes, Grafana will apply the configuration from the Grafana configuration file (if there is any configuration) or the default values.

Note

If you run Grafana in high availability mode, configuration changes may not get applied to all Grafana instances immediately. You may need to wait a few minutes for the configuration to propagate to all Grafana instances.

Refer to configuration options for more information.

Configure generic OAuth authentication client using the Terraform provider

Note

Available in Public Preview in Grafana 10.4 behind the ssoSettingsApi feature toggle. Supported in the Terraform provider since v2.12.0.

```terraform
resource "grafana_sso_settings" "generic_sso_settings" {
  provider_name = "generic_oauth"
  oauth2_settings {
    name              = "Auth0"
    auth_url          = "https://<domain>/authorize"
    token_url         = "https://<domain>/oauth/token"
    api_url           = "https://<domain>/userinfo"
    client_id         = "<client id>"
    client_secret     = "<client secret>"
    allow_sign_up     = true
    auto_login        = false
    scopes            = "openid profile email offline_access"
    use_pkce          = true
    use_refresh_token = true
  }
}
```

Refer to Terraform Registry for a complete reference on using the grafana_sso_settings resource.

Configure generic OAuth authentication client using the Grafana configuration file

Ensure that you have access to the Grafana configuration file.

Steps

To integrate your OAuth2 provider with Grafana using our generic OAuth2 authentication, follow these steps:

  1. Create an OAuth2 application in your chosen OAuth2 provider.

  2. Set the callback URL for your OAuth2 app to http://<my_grafana_server_name_or_ip>:<grafana_server_port>/login/generic_oauth.

    Ensure that the callback URL is the complete HTTP address that you use to access Grafana via your browser, but with the appended path of /login/generic_oauth.

    For the callback URL to be correct, it might be necessary to set the root_url option in the [server] section of the Grafana configuration file. For example, if yo
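As an added check that is not part of the Grafana documentation, the following Python script derives the callback URL from root_url as described in the steps above and audits an [auth.generic_oauth] section for the settings the Terraform example enables (PKCE, refresh tokens, the openid and offline_access scopes, https endpoints). The grafana.ini fragment is constructed for the example; the finding texts and the offline_access rule (which applies to providers such as Auth0) are this example's own.

```python
"""Audit a Grafana [auth.generic_oauth] configuration (added example, not Grafana code)."""
import configparser
from urllib.parse import urljoin, urlparse

# Constructed grafana.ini fragment with deliberate weaknesses to detect.
SAMPLE_INI = """[server]
root_url = https://grafana.example.com/
[auth.generic_oauth]
enabled = true
name = Auth0
client_id = <client id>
client_secret =
scopes = profile email
auth_url = https://idp.example.com/authorize
token_url = https://idp.example.com/oauth/token
api_url = http://idp.example.com/userinfo
use_pkce = false
use_refresh_token = true
"""


def callback_url(root_url: str) -> str:
    """Callback URL to register with the IdP: root_url plus /login/generic_oauth."""
    return urljoin(root_url.rstrip("/") + "/", "login/generic_oauth")


def audit(ini_text: str) -> list[str]:
    """Return human-readable findings for settings a reviewer would want changed."""
    cfg = configparser.ConfigParser(interpolation=None)  # keep Grafana's %(...)s defaults literal
    cfg.read_string(ini_text)
    oauth = cfg["auth.generic_oauth"]
    scopes = oauth.get("scopes", "").split()
    findings = []
    if not cfg["server"].get("root_url"):
        findings.append("server.root_url is unset; the callback URL cannot be derived")
    if not oauth.get("client_secret"):
        findings.append("client_secret is empty")
    if "openid" not in scopes:
        findings.append("scopes lack 'openid'; the provider may not return the sub claim")
    if oauth.getboolean("use_refresh_token", fallback=False) and "offline_access" not in scopes:
        findings.append("use_refresh_token is true but scopes lack 'offline_access' (required by e.g. Auth0)")
    if not oauth.getboolean("use_pkce", fallback=False):
        findings.append("use_pkce is false; enable PKCE for the authorization code flow")
    for key in ("auth_url", "token_url", "api_url"):
        if urlparse(oauth.get(key, "")).scheme != "https":
            findings.append(f"{key} does not use https")
    return findings
```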

### Spring Security OAuth2 Configuration Guide

#### 1. Authorization Server

To configure an authorization server, use the functionality provided by `spring-security-oauth2-authorization-server`. The concrete steps are as follows.

Add the required dependency:

```xml
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-oauth2-authorization-server</artifactId>
    <version>1.0.0</version>
</dependency>
```

Create a class that enables the authorization server and defines the token endpoint and the other required settings:

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.web.SecurityFilterChain;

@Configuration(proxyBeanMethods = false)
public class AuthorizationServerConfig {

    // Issuer URL advertised in the server metadata and placed in issued tokens.
    // (In 1.0.0 this type is AuthorizationServerSettings; earlier releases called it ProviderSettings.)
    @Bean
    public AuthorizationServerSettings authorizationServerSettings() {
        return AuthorizationServerSettings.builder()
                .issuer("https://example.com")
                .build();
    }

    // Filter chain for the protocol endpoints (/oauth2/authorize, /oauth2/token, ...).
    // A RegisteredClientRepository bean (and a JWKSource for JWT tokens) must also be provided.
    @Bean
    @Order(1)
    public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
        // Accept JWT access tokens on the server's own protected endpoints (e.g. userinfo).
        http.oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()));
        return http.build();
    }
}
```

The snippet above shows how to specify the authorization server's parameters through custom `AuthorizationServerSettings`[^1].

---

#### 2. Client Configuration

To run an application as an OAuth2 client, add the following dependency:

```xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
```

Provide the client's configuration in `application.yml` or `application.properties`:

```yaml
spring:
  security:
    oauth2:
      client:
        registration:
          google:
            clientId: your-google-client-id
            clientSecret: your-google-client-secret
            redirectUri: "{baseUrl}/login/oauth2/code/{registrationId}"
            scope:
              - email
              - profile
        provider:
          google:
            authorization-uri: https://accounts.google.com/o/oauth2/v2/auth
            token-uri: https://www.googleapis.com/oauth2/v4/token
            user-info-uri: https://www.googleapis.com/oauth2/v3/userinfo
            jwk-set-uri: https://www.googleapis.com/oauth2/v3/certs
```

This part describes how to register an external identity provider (such as Google) and how to obtain the user's email and profile data[^2].

---

#### 3. Resource Server

The resource server validates the access token carried by incoming requests and protects the guarded API from unauthorized access. Add the following dependency:

```xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
```

Then declare the resource server's behaviour in the security configuration:

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class ResourceServerConfig {

    @Bean
    public SecurityFilterChain resourceServerSecurityFilterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(authz -> authz
                .anyRequest().authenticated())
            // Validate bearer JWTs against the configured issuer / JWK set.
            .oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()));
        return http.build();
    }
}
```

This shows how the JWT decoder is used to authenticate every HTTP request entering the system[^3].

---

#### Summary

The sections above introduced the three core modules needed to build an OAuth2 architecture on Spring Boot, the authorization server, the client and the resource server, covering the basic setup of each and how they cooperate. Each step maps to requirement scenarios and technology-selection considerations encountered in real project development.