Details
- Type: Monitor
- Status: Closed
- Priority: Major
- Resolution: Done
- Affects Version/s: None
- Fix Version/s: 2021
- Component/s: FIWARE-TECH-HELP
- Labels:
- HD-Enabler: KeyRock
Description
Created question in FIWARE Q/A platform on 05-03-2019 at 09:03
Please, ANSWER this question AT https://stackoverflow.com/questions/54998226/single-sign-on-keyrock-grafana-doesnt-work
Question:
Single Sign on Keyrock-Grafana doesn't work
Description:
I'm trying to use Keyrock to offer Single Sign-on on different platforms. Specifically, I want to offer that service in Grafana. I've seen the configuration to be changed in Grafana and my docker-compose is like this:
```yaml
version: "3.1"
services:
  grafana:
    image: grafana/grafana:5.1.0
    ports:
      - 3000:3000
    networks:
      default:
        ipv4_address: 172.18.1.4
    environment:
      - GF_AUTH_GENERIC_OAUTH_CLIENT_ID=90be8de5-69dc-4b9a-9cc3-962cca534410
      - GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=9e98964b-5043-4086-9657-51f1d8c11fe0
      - GF_AUTH_GENERIC_OAUTH_ENABLED=true
      - GF_AUTH_GENERIC_OAUTH_AUTH_URL=http://172.18.1.5:3005/oauth2/authorize
      - GF_AUTH_GENERIC_OAUTH_TOKEN_URL=http://172.18.1.5:3005/oauth2/token
      - GF_AUTH_GENERIC_OAUTH_API_URL=http://172.18.1.5:3005/v1/users
      - GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP = true
      - GF_Server_DOMAIN=172.18.1.4
      - GF_Server_ROOT_URL=http://172.18.1.4:3000
  keyrock:
    image: fiware/idm:7.5.1
    container_name: fiware-keyrock
    hostname: keyrock
    networks:
      default:
        ipv4_address: 172.18.1.5
    depends_on:
      - mysql-db
    ports:
      - "3005:3005"
      - "3443:3443"
    environment:
      - DEBUG=idm:*
      - DATABASE_HOST=mysql-db
      - IDM_DB_PASS_FILE=/run/secrets/my_secret_data
      - IDM_DB_USER=root
      - IDM_HOST=http://localhost:3005
      - IDM_PORT=3005
      - IDM_HTTPS_ENABLED=false
      - IDM_HTTPS_PORT=3443
      - IDM_ADMIN_USER=admin
      - IDM_ADMIN_EMAIL=admin@test.com
      - IDM_ADMIN_PASS=test
    secrets:
      - my_secret_data
    healthcheck:
      test: curl --fail -s http://localhost:3005/version || exit 1
  mysql-db:
    restart: always
    image: mysql:5.7
    hostname: mysql-db
    container_name: db-mysql
    expose:
      - "3306"
    ports:
      - "3306:3306"
    networks:
      default:
        ipv4_address: 172.18.1.6
    environment:
      - "MYSQL_ROOT_PASSWORD_FILE=/run/secrets/my_secret_data"
      - "MYSQL_ROOT_HOST=172.18.1.5"
    volumes:
      - mysql-db-sso:/var/lib/mysql
      - ./mysql-data:/docker-entrypoint-initdb.d/:ro
    secrets:
      - my_secret_data
networks:
  default:
    ipam:
      config:
        - subnet: 172.18.1.0/24
volumes:
  mysql-db-sso:
secrets:
  my_secret_data:
    file: ./secrets.txt
```
I have the Grafana application registered in Keyrock, and it has http://172.18.1.4:3000/login as its callback. When I try to sign in to Grafana through OAuth, it redirects me to the Keyrock sign-in page, but after I enter the credentials it returns an invalid client_id, even though it is the same one that Keyrock returns to me when I obtain the application information.
Is it possible that I am missing some configuration, or should it be done in another way?
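An added example, not part of the original question: a small lint over the Grafana environment entries posted above. It flags entries that are not clean `NAME=value` pairs, `GF_` names that do not follow Grafana's upper-case `GF_<SECTION>_<KEY>` override convention, OAuth endpoints served over plain HTTP, and secrets set inline rather than through a `_FILE` variable. The function names and finding codes are illustrative, and it makes no claim about the cause of the invalid client_id error.

```python
import re

# Entries copied from the Grafana service's environment list above;
# the client secret value is replaced with a placeholder.
GRAFANA_ENV = [
    "GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=<redacted>",
    "GF_AUTH_GENERIC_OAUTH_ENABLED=true",
    "GF_AUTH_GENERIC_OAUTH_AUTH_URL=http://172.18.1.5:3005/oauth2/authorize",
    "GF_AUTH_GENERIC_OAUTH_TOKEN_URL=http://172.18.1.5:3005/oauth2/token",
    "GF_AUTH_GENERIC_OAUTH_API_URL=http://172.18.1.5:3005/v1/users",
    "GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP = true",
    "GF_Server_DOMAIN=172.18.1.4",
    "GF_Server_ROOT_URL=http://172.18.1.4:3000",
]

# Grafana looks up overrides as GF_<SECTION>_<KEY>, all upper case.
GF_NAME = re.compile(r"GF_[A-Z0-9_]+")


def lint_entry(entry):
    """Return a sorted list of finding codes for one NAME=value entry."""
    raw_name, sep, raw_value = entry.partition("=")
    if not sep:
        return []  # a bare NAME is passed through from the host environment
    findings = set()
    name, value = raw_name.strip(), raw_value.strip()
    upper = name.upper()
    if (raw_name, raw_value) != (name, value):
        findings.add("whitespace-around-equals")
    if upper.startswith("GF_") and not GF_NAME.fullmatch(name):
        findings.add("gf-name-not-uppercase")
    if "OAUTH" in upper and upper.endswith("_URL") and value.lower().startswith("http://"):
        findings.add("oauth-endpoint-over-http")
    if re.search(r"SECRET|PASS", upper) and not upper.endswith("_FILE"):
        findings.add("inline-secret")
    return sorted(findings)


def lint_env(entries):
    """Map each flagged entry name to its findings; clean entries are omitted."""
    report = {}
    for entry in entries:
        findings = lint_entry(entry)
        if findings:
            report[entry.partition("=")[0].strip()] = findings
    return report


if __name__ == "__main__":
    for name, findings in lint_env(GRAFANA_ENV).items():
        print(f"{name}: {', '.join(findings)}")
```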
Activity
Field | Original Value | New Value |
---|---|---|
Component/s | FIWARE-TECH-HELP [ 10278 ] |
HD-Enabler | KeyRock [ 10889 ] | |
Description | (question text, as shown under Description above) | (question text, as shown under Description above) |
Assignee | Dmitrii Demin [ dmitrii ] |
Status | Open [ 1 ] | In Progress [ 3 ] |
Status | In Progress [ 3 ] | Answered [ 10104 ] |
Resolution | Done [ 10000 ] | |
Status | Answered [ 10104 ] | Closed [ 6 ] |
Fix Version/s | 2021 [ 12600 ] |
Transition | Time In Source Status | Execution Times | Last Executer | Last Execution Date |
---|---|---|---|---|
 | 1d 8h | 1 | Dmitrii Demin | 06/Mar/19 8:06 PM |
 | 59m 19s | 1 | Backlog Manager | 06/Mar/19 9:06 PM |
 | 19h 58m | 1 | Dmitrii Demin | 07/Mar/19 5:04 PM |
2019-03-05 12:06|CREATED monitor | # answers= 0, accepted answer= False