**1.** grafana修改配置文件,并禁用原有ldap登录方式
在conf目录下的defaults.ini
[auth.generic_oauth]
name = SSO
enabled = true
allow_sign_up = true
client_id = sso_id
client_secret = sso_secret
scopes = user:email
email_attribute_name = email:primary
auth_url = http://localhost/uc-grafana/OAuth?isOAuth=1 #uc-grafana为各自grafana定义的名称
token_url = http://localhost/api/oauth/token
api_url = http://localhost/api/oauth/user
team_ids =
allowed_organizations =
tls_skip_verify_insecure = false
tls_client_cert =
tls_client_key =
tls_client_ca =
send_client_credentials_via_post = false
[auth]
disable_login_form = true #禁用登录界面,以后只能从sso登录,前提是配置好相关管理人员的权限
[auth.basic]
enabled = false #禁用原有的验证
[server]
root_url = %(protocol)s://%(domain)s:%(http_port)s/ #根据实际情况进行调整,如此例,可以写成http://uc-grafana.com.cn/
2.重启grafana
登录grafana后会出现sso登录选项,通过sso登录可以授权访问grafana
代码:
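/**
 * OAuth2 token endpoint Grafana calls (the configured {@code token_url}) after the
 * SSO redirect. The {@code code} parameter carries the SSO token itself; when
 * {@code loginService.checkTokenExpire} accepts it, the same value is returned
 * as both {@code access_token} and {@code refresh_token}.
 *
 * @param request  incoming request; only the {@code code} parameter is read
 * @param response used to set HTTP 401 when the code is missing or rejected
 * @return a token response, or an {@code invalid_token} error object on failure
 */
@RequestMapping(value = "token", method = RequestMethod.POST)
@ResponseBody
public JSONObject token(HttpServletRequest request, HttpServletResponse response) {
    logger.info("开始获校验OAuth信息");
    JSONObject jsonObject = new JSONObject();
    String ssoToken = request.getParameter("code");
    // The token is a bearer credential: never write it to the log in full.
    String tokenHint = ssoToken == null ? "<none>"
            : ssoToken.substring(0, Math.min(4, ssoToken.length())) + "...";
    logger.info("校验OAuth信息 token:{}", tokenHint);
    // NOTE(review): the client_id/client_secret and grant_type Grafana posts to this
    // endpoint are not checked in this method; confirm they are enforced elsewhere.
    // getParameter() yields null when "code" is absent; reject without calling the service.
    UserCacheDTO user = (ssoToken == null || ssoToken.isEmpty())
            ? null
            : loginService.checkTokenExpire(ssoToken, "");
    if (user == null) {
        jsonObject.put("error", "invalid_token");
        jsonObject.put("error_description", "token error");
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        logger.info("校验OAuth信息 失败 token:{}", tokenHint);
    } else {
        jsonObject.put("access_token", ssoToken);
        jsonObject.put("token_type", "bearer");
        jsonObject.put("expires_in", TokenConstant.TOKEN_EXPIRE_SECONDS);
        jsonObject.put("scope", "select");
        // The SSO token doubles as the refresh token; no separate refresh credential exists here.
        jsonObject.put("refresh_token", ssoToken);
        logger.info("校验OAuth信息 成功 token:{}", tokenHint);
    }
    // Log the outcome only; serialising the body would put the token back into the log.
    logger.info("结束校验OAuth信息 success:{}", !jsonObject.containsKey("error"));
    return jsonObject;
}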
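/**
 * OAuth2 userinfo endpoint Grafana calls (the configured {@code api_url}) with the
 * bearer token obtained from {@link #token}. The failure response is built first and
 * replaced by the user's attributes only when {@code loginService.checkTokenExpire}
 * accepts the token.
 *
 * @param request  incoming request; only the {@code Authorization} header is read
 * @param response receives HTTP 200 on success, 401 otherwise
 * @return the user attributes, or an {@code invalid_token} error object
 * @throws URISyntaxException kept for signature compatibility; not thrown by this body
 */
@RequestMapping(value = "user", method = RequestMethod.GET)
@ResponseBody
public JSONObject user(HttpServletRequest request, HttpServletResponse response) throws URISyntaxException {
    logger.info("开始获取OAuth用户信息");
    JSONObject jsonObject = new JSONObject();
    jsonObject.put("error", "invalid_token");
    jsonObject.put("error_description", "token error");
    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    // A missing header must not turn into a NullPointerException on split().
    String sAuthorization = request.getHeader("authorization");
    String[] sArray = sAuthorization == null ? new String[0] : sAuthorization.split(" ");
    // Expect "Bearer <token>", matching the token_type issued by the token endpoint.
    if (sArray.length == 2 && "bearer".equalsIgnoreCase(sArray[0])) {
        String ssoToken = sArray[1];
        // Log a short prefix only, and only after the token is actually assigned;
        // the bearer token is a credential.
        logger.info("获取OAuth用户信息 token:{}",
                ssoToken.substring(0, Math.min(4, ssoToken.length())) + "...");
        UserCacheDTO user = loginService.checkTokenExpire(ssoToken, "");
        if (user != null) {
            response.setStatus(HttpServletResponse.SC_OK);
            // Drop the pre-filled error fields so a 200 body is not self-contradictory.
            jsonObject.remove("error");
            jsonObject.remove("error_description");
            // NOTE(review): "sub" is the same constant for every user; if any consumer
            // keys identity on it, switch to a per-user identifier from UserCacheDTO.
            jsonObject.put("sub", "1");
            jsonObject.put("name", user.getName());
            jsonObject.put("given_name", user.getUsername());
            jsonObject.put("family_name", "");
            jsonObject.put("email", user.getEmail());
            jsonObject.put("picture", "");
        }
    }
    logger.info("结束获取OAuth用户信息:{}", JSONObject.toJSONString(jsonObject));
    return jsonObject;
}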