[HELP-15534] [fiware-stackoverflow] Single Sign on Keyrock-Grafana doesn't work - JIRA

Details

Type: Monitor
Status: Closed
Priority: Major
Resolution: Done
Affects Version/s: None
Fix Version/s: 2021
Component/s: FIWARE-TECH-HELP
Labels:

Source URL:
https://stackoverflow.com/questions/54998226/single-sign-on-keyrock-grafana-doesnt-work
HD-Enabler:
KeyRock

Description

Created question in FIWARE Q/A platform on 05-03-2019 at 09:03
Please, ANSWER this question AT https://stackoverflow.com/questions/54998226/single-sign-on-keyrock-grafana-doesnt-work

Question:
Single Sign on Keyrock-Grafana doesn't work

Description:
I'm trying to use Keyrock to offer Single Sign-on on different platforms. Specifically, I want to offer that service in Grafana. I've seen the configuration to be changed in Grafana and my docker-compose is like this:

version: "3.1"
services:

grafana:
image: grafana/grafana:5.1.0
ports:

3000:3000
networks:
default:
ipv4_address: 172.18.1.4
environment:
GF_AUTH_GENERIC_OAUTH_CLIENT_ID=90be8de5-69dc-4b9a-9cc3-962cca534410
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=9e98964b-5043-4086-9657-51f1d8c11fe0
GF_AUTH_GENERIC_OAUTH_ENABLED=true
GF_AUTH_GENERIC_OAUTH_AUTH_URL=http://172.18.1.5:3005/oauth2/authorize
GF_AUTH_GENERIC_OAUTH_TOKEN_URL=http://172.18.1.5:3005/oauth2/token
GF_AUTH_GENERIC_OAUTH_API_URL=http://172.18.1.5:3005/v1/users
GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP = true
GF_Server_DOMAIN=172.18.1.4
GF_Server_ROOT_URL=http://172.18.1.4:3000

keyrock:
image: fiware/idm:7.5.1
container_name: fiware-keyrock
hostname: keyrock
networks:
default:
ipv4_address: 172.18.1.5
depends_on:

mysql-db
ports:
"3005:3005"
"3443:3443"
environment:
DEBUG=idm:*
DATABASE_HOST=mysql-db
IDM_DB_PASS_FILE=/run/secrets/my_secret_data
IDM_DB_USER=root
IDM_HOST=http://localhost:3005
IDM_PORT=3005
IDM_HTTPS_ENABLED=false
IDM_HTTPS_PORT=3443
IDM_ADMIN_USER=admin
IDM_ADMIN_EMAIL=admin@test.com
IDM_ADMIN_PASS=test
secrets:
my_secret_data
healthcheck:
test: curl --fail -s http://localhost:3005/version || exit 1

mysql-db:
restart: always
image: mysql:5.7
hostname: mysql-db
container_name: db-mysql
expose:

"3306"
ports:
"3306:3306"
networks:
default:
ipv4_address: 172.18.1.6
environment:
"MYSQL_ROOT_PASSWORD_FILE=/run/secrets/my_secret_data"
"MYSQL_ROOT_HOST=172.18.1.5"
volumes:
mysql-db-sso:/var/lib/mysql
./mysql-data:/docker-entrypoint-initdb.d/:ro
secrets:
my_secret_data

networks:
default:
ipam:
config:

subnet: 172.18.1.0/24
volumes:
mysql-db-sso:

secrets:
my_secret_data:
file: ./secrets.txt

I have the Grafana application registered in Keyrock and has as callback http://172.18.1.4:3000/login. When I try to Sign-in in Grafana through Oauth it redirects me to the keyrock page to Sign-in, but when entering the credentials it returns me an invalid client_id, but it is the same one that returns Keyrock to me when obtaining the application information.

Is it possible that I lack something to configure or should it be done in another way?

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Backlog Manager added a comment - 05/Mar/19 12:06 PM

2019-03-05 12:06|CREATED monitor | # answers= 0, accepted answer= False

Show

Backlog Manager added a comment - 05/Mar/19 12:06 PM 2019-03-05 12:06|CREATED monitor | # answers= 0, accepted answer= False

Hide

Permalink

Backlog Manager added a comment - 06/Mar/19 9:06 PM

2019-03-06 21:05|UPDATED status: transition Answered| # answers= 1, accepted answer= False

Show

Backlog Manager added a comment - 06/Mar/19 9:06 PM 2019-03-06 21:05|UPDATED status: transition Answered| # answers= 1, accepted answer= False

People

Assignee:

Dmitrii Demin

Reporter:

Backlog Manager

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

05/Mar/19 12:06 PM

Updated:

27/May/21 10:54 AM

Resolved:

07/Mar/19 5:04 PM

Agile

View on Board