Closed spprod35 closed 4 years ago
The easiest way I can think of to achieve this would be to let the OAuth2_Proxy handle authentication for both ELK and Grafana. Have you considered using the OAuth2_Proxy with Grafana using the Auth Proxy configuration?
I do not understand where to configure the oauth2_proxy server. I rather feel that grafana includes a proxy of the same kind as oauth2_proxy.
In addition, once authenticated on grafana with my Azure token AD, on elk.tvwonder.fr, I just have to click on "sign with azure" to be connected, no identifier is requested.
How to make oauth2_proxy check that a connection is already active on Azure so as not to present the page with the button?
Regards,
The OAuth2_proxy cannot read the session from Azure. If you want to have the same authentication for these two endpoints you will need to configure the OAuth2_Proxy to authenticate against Azure and then have it sitting in front of both Grafana and your ELK stack. This was the authentication can be shared between them
I'm surprised that oauth_proxy can not automate the click on "Sign In With Azure". When I arrive on the page, I just have to click and I'm connected (Active session at Azure), can you tell me the technical brake that prevents this?
This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.
hello the community
I am setting up an ELK + Grafana server In order to add an authentication layer on Elasticsearch, I configured OAUTH2_Proxy.
For this service (ELK), in direct access, it works correctly.
On grafana, I configured the OAUTH, directly in the grafana.ini http://docs.grafana.org/auth/generic-oauth/ User authentication on grafana works. However, I want to pass Grafana's cookie credentials to ELK through a browser request (see attachment)
Your Environment
Nginx ELK Conf :
Javascript Console de grafana :
If I go manually on elk.tvwonder.fr and I click on sign in with Azure, my browser is already connected on azure, I am direct redirected and authenticated.
Returning to grafana, everything works. I just do not want to have to go to elk.tvwonder.fr to click.
Do you have an idea of the configuration to apply?
Regards,