HI all, this document deals with how to setup OAuth for grafana using keycloak.
Grafana is one of best visualizer tool which support various data source And keycloak is another best opensource tool which can be used for SSO authentication.
It will be very difficult for users to have a different username and password for various applications. let’s say if u use 10 different applications, this will lead you to 10 different usernames and passwords. In order to overcome this kind of situation it will be always better to use a common platform for authentication for all these applications, Here comes keycloak in the picture.

Here we will show you how to do this for Jenkins’s application using keycloak. Stay Tuned for other DevOps tools.

Prerequisites
* Grafana installed, if not refer this linkĀ how to install grafana for database monitoring
* Keycloak installed, if not refer this linkĀ how to set up a keycloak server in Linux

Configuration
Step 1: Log in to keycloak


Step 2: Create a realm for common authentication for your applications


Step 3: Create a client for grafana as given below where root url is your grafana application URL

Step 4: once the client is created, open the client configuration and change the access type to confidential from public. Save the config.

Step 5: Open the client grafana again and go to credentials tag and copy the client id and secret for future use.


Step 6: Now login to grafana server.
Step 7: open grafana.ini configuration from /etc/grafana/grafana.ini

step 8: Add or edit the below configuraion in grafana.ini file, where devops is the realm name. you change as per your realm name. Where client id is the client name and client secret the previously copied code.

 

[auth.generic_oauth]
enabled = true
name = Oauth
allow_sign_up = true
client_id = grafana
client_secret = 6627942e-d7ad-4780-aaec-63d6fdabbf02
auth_url = https://sso.techrunnr.com/auth/realms/devops/protocol/openid-connect/auth
token_url = https://sso.techrunnr.com/auth/realms/devops/protocol/openid-connect/token
api_url = https://sso.techrunnr.com/auth/realms/devops/protocol/openid-connect/userinfo

Step 9: Once you have done step 8, restart grafana service.

service grafana-server restart

Step 10: Log in to the grafana application. now you will be able to login with OAuth in the login screen which is basically keycloak auth. Once you selected OAuth it takes you keycloak and comes back to the grafana home screen after successful login.

© 2020, Techrunnr. All rights reserved.

#1
#2
#3
Questions Answered
Articles Written
Overall Points

Prabhin Prabharkaran

He is Technical professional. He is a person who loves to share tricks and tips on the Internet. He Posts what he does!!

0 Comments

Leave a Reply

Keep ahead of COVID-19

Follow the below safety measures as precautionary steps to avoid COVID-19 1. Use face mask in public Places 2. Use Hand sanitizers 3. Maintain Social Distancing 4. Avoid going to crowded places 5. Avoid touching eyes, nose and mouth