HI all, this document deals with how to setup OAuth for grafana using keycloak.
Grafana is one of best visualizer tool which support various data source And keycloak is another best opensource tool which can be used for SSO authentication.
It will be very difficult for users to have a different username and password for various applications. let’s say if u use 10 different applications, this will lead you to 10 different usernames and passwords. In order to overcome this kind of situation it will be always better to use a common platform for authentication for all these applications, Here comes keycloak in the picture.
Here we will show you how to do this for Jenkins’s application using keycloak. Stay Tuned for other DevOps tools.
Step 1: Log in to keycloak
Step 2: Create a realm for common authentication for your applications
Step 3: Create a client for grafana as given below where root url is your grafana application URL
Step 4: once the client is created, open the client configuration and change the access type to confidential from public. Save the config.
Step 5: Open the client grafana again and go to credentials tag and copy the client id and secret for future use.
Step 6: Now login to grafana server.
Step 7: open grafana.ini configuration from /etc/grafana/grafana.ini
step 8: Add or edit the below configuraion in grafana.ini file, where devops is the realm name. you change as per your realm name. Where client id is the client name and client secret the previously copied code.
Step 9: Once you have done step 8, restart grafana service.
Step 10: Log in to the grafana application. now you will be able to login with OAuth in the login screen which is basically keycloak auth. Once you selected OAuth it takes you keycloak and comes back to the grafana home screen after successful login.
© 2020, Techrunnr. All rights reserved.