public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
52,527 Commits 655 Branches 650 Tags
8aecf9bd0d285dc42e1f0df01b0e752b85e5da37
Commit Graph

36 Commits

Author SHA1 Message Date
SeamusGrafana 7f58a5b239 Disable Requirement for SSL in 'cloak.sql' (#86919) 
Disable Requirment for SSL in 'cloak.sql'

Disable the Requirement for SSL on External Sites in Keycloak Database for Grafana Realm
 2024-05-15 17:12:51 +02:00
linoman 224d61746a Remove SAML form the list of auth providers for devenv (#86684) 
Update README.md

The link for SAML was broken. Since SAML is an enterprise feature, it has been removed.
 2024-04-22 17:27:58 +02:00
linoman 7bc8b27c33 Update README.md (#84011) 2024-03-07 01:54:53 -06:00
Misi 705ab460a2 Devenv: Add groups to jwt_proxy (#82424) 
Add groups claim to jwt, add groups
 2024-02-14 13:57:36 +01:00
Jo 6f62d970e3 JWT Authentication: Add support for specifying groups in auth.jwt for teamsync (#82175) 
* merge JSON search logic

* document public methods

* improve test coverage

* use separate JWT setting struct

* correct use of cfg.JWTAuth

* add group tests

* fix DynMap typing

* add settings to default ini

* add groups option to devenv path

* fix test

* lint

* revert jwt-proxy change

* remove redundant check

* fix parallel test
 2024-02-09 16:35:58 +01:00
SeamusGrafana 7dc6a047f7 Auth: Update Authentik DB in DevEnv to fix expired SSL Certs (#80427) 
Update Authentik DB
 2024-01-12 11:36:17 +01:00
Jo 02136e5a2f Auth: Fix authentik devenv update (#80285) 
fix authentik update
 2024-01-10 15:50:08 +02:00
venkatbvc e152323a33 Auth: Split signout_redirect_url into per provider settings (#75269) 
* Split signout_redirect_url into per provider settings

* Split signout_redirect_url into per provider settings

* Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana/index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Split signout_redirect_url into per provider settings

* Split signout_redirect_url into per provider settings

* Split signout_redirect_url into per provider settings

* Split signout_redirect_url into per provider settings

* Split signout_redirect_url into per provider settings

* Split signout_redirect_url into per provider settings

* update docs

* update devenvs

* add missing struct tag

---------

Co-authored-by: Rao, B V Chalapathi <b_v_chalapathi.rao@nokia.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: jguer <me@jguer.space>
 2023-11-29 14:50:21 +01:00
Gabriel MABILLE 4280e31239 Devenv: Fix openldap-multiple dev environment (#75013) 2023-09-18 17:21:59 +03:00
venkatbvc 7c98678188 Auth: Add support for OIDC RP-Initiated Logout (#70357) 
* Fix signout redirect_uri issue

* Fix signout redirect_uri issue

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* remove signout url global

* style alignment

* remove legacy handlers for devenv

* Update pkg/api/login.go

---------

Co-authored-by: Rao B V Chalapathi <b_v_chalapathi.rao@nokia.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: jguer <me@jguer.space>
 2023-08-29 11:34:11 +02:00
Gabriel MABILLE 4c7b97cdb0 ClientTokenRotation: Don't rotate session cookie for authproxy (#72496) 
* ClientTokenRotation: Don't rotate session cookie for authproxy

* Account for config option auth.proxy enable_login_token

* Limit amount of changes on devenv

* Fix tests by moving authenticatedBy up

* Uncomment nginx conf
 2023-07-28 15:32:58 +02:00
linoman 0ffa72877e Chore: Bump keycloak version (#72386) 
* Bump keycloak version

* Remove troubleshooting

* Remove script for M1 machines
 2023-07-27 09:56:31 +02:00
SeamusGrafana 711cedfe34 DevEnv: Add Support for SAML SLO in Authentik (#69147) 
* Update Authentik Image Version in docker-compose.yaml

Update Authentik Image Version in `docker-compose.yaml` to use the current version (as of writing) which is `2023.5.1` where this has been tested against.

* DevEnv: update SLO support for Authentik
 2023-06-21 08:14:11 +02:00
Jo e43c3ef87e Devenv: Update auth devenv versions (#69370) 
update auth devenv versions
 2023-06-01 17:28:55 +02:00
Misi 28bb960e42 AuthN: Make clientTokenRotation work when Grafana is accessible on a sub url (#69385) 
Fix clientTokenRotation for auth-proxy
 2023-06-01 17:06:00 +02:00
Misi 8548218776 Devenv: Add prometheus_oauth2_proxy_azure devenv (#66825) 
Add prometheus_oauth2_proxy_azure devenv
 2023-04-19 17:28:14 +02:00
Jo 8bb10f87e9 Auth: Update authentik devenv and add oauth (#64691) 
update authentik devenv and add oauth
 2023-03-13 15:13:16 +01:00
Eric Leijonmarck 27f0c9c70f Auth: Doc change url for getting JWT (#62319) 
docs: change url for getting JWT
 2023-01-27 14:26:35 +01:00
linoman 8ba5f59fb7 Promote openldap-mac (#61332) 
* Replace `openldap` with `openldap-mac`

* Rename all references for `openldap-mac`

* Rename prepopulated users with first names
 2023-01-12 10:20:01 +01:00
Jo 5f6f1a7d07 Devenv: Update to keycloak 20 (#61174) 
update to keycloak 20
 2023-01-10 16:50:53 +01:00
Jo 0c8ad80575 Authn: JWT client (#61157) 
* add jwt client

* alias JWT verifier

* debug implementation

* add tests for jwt client

* add constant for JWT module

* Feedback

Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>

Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
Co-authored-by: Mihály Gyöngyösi <mgyongyosi@users.noreply.github.com>
 2023-01-10 15:08:52 +01:00
Jo ba9decfd04 Devenv: Add SAML authentik devenv (#60881) 
* add SAML support to authentik devenv

* update authentik image

* mark SAML as done
 2023-01-03 10:06:24 +00:00
Jo e1ea5490b3 Devenv: Remove abandoned environment (#60882) 
chore: remove abandoned environment
 2023-01-03 09:30:59 +01:00
Misi 7bb5200cc2 Devenv: OpenLDAP-Mac improvements (#60229) 
* Use groupOfUniqueNames and uniqueMember

* Update README.md
 2022-12-13 18:20:37 +01:00
Conor Evans 40ba2ba18d fix(config/jwt): the value should be "expect_claims", not "expected_claims" (#58284) 
Signed-off-by: Conor Evans <coevans@tcd.ie>
 2022-11-07 12:29:27 +00:00
Jo e3ea7ee145 Doc: Add groups mapping config to readme (#58208) 2022-11-04 10:43:38 +01:00
Jo 61774ae7f1 Docs: Add keycloak oauth setup guide (#57685) 
* use scopes for generic_oauth devenv. Support refresh_tokens

* add keycloak section

* add teamsync support to oauth devenv

* Add keycloak guide

* Upgrade keycloak to version 19

* Update devenv/docker/blocks/auth/oauth/readme.md

Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>

* feedback

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>

Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
 2022-10-28 17:57:56 -04:00
Jo 77437f2c89 Add multi-auth devenv (#57609) 
* add authentik devenv

* remove direct dependency on spew

* use cn

* add authentik instructions

* add backup instructions
 2022-10-26 13:46:50 +02:00
Jo ef245874da OAuth: Allow assigning Server Admin (#54780) 
* extract errors to errors file

* implement oauth server admin assignment

* add server admin tests

* deduplicate autoAssignOrgRole

* deduplicate strict setting

* deduplicate strict setting

* add support for generic oauth

* add role attribute strict support for generic oauth

* add support for github/gitlab

* assignGrafanaAdmin option is here to stay

* unify similar errors

* add config option

* add okta server admin mapping

* remove never used Company attribute

* unify generic oauth role extract with other methods

* case insensitive role match as in azure

* add ini settings

* add server admin to devenv

* remove duplicate fields

* add documentation to oauth

* fix titlecase test

* implement doc feedback
 2022-09-08 06:11:00 -04:00
Nicholas Wiersma 9e704fec3c JWT: Add support for assigning org roles (#54277) 
* feat: allow jwt role to be set

* chore: update documentation

* fix: cr suggestions

* fix: lint issues

* respect org auto assign and default org ID

* add server admin to devenv

Co-authored-by: jguer <joao.guerreiro@grafana.com>
 2022-09-07 14:00:33 +02:00
linoman 0324e9c60e Fix paths for auth/ build and volume paths (#54828) 2022-09-07 10:53:58 +02:00
linoman c915cb2d5c Update auth/jwt_proxy and auth/oauth reference (#54781) 2022-09-06 15:46:01 +02:00
linoman 638fb5dc6d Fix docker compose for openldap and oauth (#54745) 
* Fix reference for `openldap` block

* Fix volume reference for `oauth` block
 2022-09-06 14:22:03 +02:00
Jo 4952b7f22d Add JWT url auth documentation (#54040) 
* add jwt auth docs

* add appropriate warnings to docs

* remove unimplemented login_token assumptions

* Update conf/sample.ini
 2022-09-05 03:46:50 -04:00
linoman 3f0beee362 Update README build references (#54394) 2022-08-29 16:36:06 +02:00
linoman d2547bb832 Chore: Group auth docker blocks (#54274) 
* Move auth docker images to parent folder

* Add README file for auth parent folder

* Add grafana-authnz-team as code owner

* Update `devenv` docs
 2022-08-29 08:36:56 +02:00