Auth: lock down Grafana admin sync for SAML (#72828)

lock down Grafana admin sync for SAML
2023-08-03 17:02:40 +01:00
parent 5d99fdeb46
commit 3a2538c2ca
2 changed files with 6 additions and 2 deletions
@@ -517,8 +517,9 @@ type Cfg struct {
 	SecureSocksDSProxy SecureSocksDSProxySettings

 	// SAML Auth
-	SAMLAuthEnabled     bool
-	SAMLSkipOrgRoleSync bool
+	SAMLAuthEnabled            bool
+	SAMLSkipOrgRoleSync        bool
+	SAMLRoleValuesGrafanaAdmin string

 	// Okta OAuth
 	OktaAuthEnabled     bool
@@ -1265,6 +1266,7 @@ func (cfg *Cfg) readSAMLConfig() {
 	samlSec := cfg.Raw.Section("auth.saml")
 	cfg.SAMLAuthEnabled = samlSec.Key("enabled").MustBool(false)
 	cfg.SAMLSkipOrgRoleSync = samlSec.Key("skip_org_role_sync").MustBool(false)
+	cfg.SAMLRoleValuesGrafanaAdmin = samlSec.Key("role_values_grafana_admin").MustString("")
 }

 func (cfg *Cfg) readLDAPConfig() {