Differences

documentation:2.1:applications:grafana [2020/04/16 18:24] (current)
maxbes created
Line 1: Line 1:
 +====== Grafana ======
 +
 +{{ :​applications:​grafana_logo.png?​nolink |}}
 +
 +===== Presentation =====
 +
 +[[https://​grafana.com/​|Grafana]] is an Open Source dashboard for monitoring databases such as Prometheus, Graphite or Elasticsearch
 +
 +Grafana offers social login through a generic OAuth 2 connector. Thankfully, it is close enough to OpenID Connect to work well with LemonLDAP::​NG
 +
 +
 +===== Pre-requisites =====
 +
 +==== Grafana configuration ====
 +
 +You should start by following the generic OAuth2 documentation provided by Grafana:
 +https://​grafana.com/​docs/​grafana/​latest/​auth/​generic-oauth/​
 +
 +Your configuration file will have to look something like this:
 +
 +<​code>​
 +[auth.generic_oauth]
 +enabled = true
 +client_id = CHOOSE_A_CLIENT_ID
 +client_secret = CHOOSE_A_CLIENT_SECRET
 +scopes = openid email profile
 +auth_url = https://​auth.example.com/​oauth2/​authorize ​
 +token_url = https://​auth.example.com/​oauth2/​token ​
 +api_url = https://​auth.example.com/​oauth2/​userinfo ​
 +allow_sign_up = true
 +name = LemonLDAP::​NG
 +send_client_credentials_via_post = false
 +email_attribute_name = email
 +</​code>​
 +
 +==== LL:NG ====
 +
 +Make sure you have already [[.:​..:​idpopenidconnect|enabled OpenID Connect]] on your LemonLDAP::​NG server
 +
 +
 +Then, add a Relaying Party with the following configuration
 +
 +  * Options » Authentification » Client ID : same as ''​client_id''​ above
 +  * Options » Allowed redirection address : same as ''​client_secret ''​ above
 +
 +If you want to transmit user attributes to Grafana, you also need to configure
 +  * Extra Claims » 
 +    * add a key named ''​profile''​
 +    * set a value of ''​name username display_name upn''​
 +  * Exported Attributes (not all of them are mandatory)
 +    * replace the existing keys with the following 5 new keys: 
 +      * ''​name''​
 +      * ''​username''​
 +      * ''​display_name''​
 +      * ''​upn''​
 +      * ''​email'' ​
 +    * map them to your corresponding LemonLDAP::​NG session attribute
 +
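Review bot: In the LL:NG section, the second option bullet reads "Allowed redirection address : same as client_secret above", which sets the redirect URI to the client secret; this looks like two settings merged into one line. Split it into a client secret bullet (same as client_secret above) and a separate "Allowed redirection address" bullet that gives Grafana's OAuth callback URL from the generic OAuth documentation linked earlier. As written, a reader either ends up with a redirect address that cannot match and a broken login, or pastes the secret into a field that is not treated as confidential. In the same section, "Relaying Party" should be "Relying Party" and "Authentification" should be "Authentication". The CHOOSE_A_CLIENT_SECRET placeholder in the Grafana block would also benefit from a sentence saying the secret should be a randomly generated value.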