[HELP-15534] [fiware-stackoverflow] Single Sign on Keyrock-Grafana doesn't work - JIRA

Details

Type: Monitor
Status: Closed
Priority: Major
Resolution: Done
Affects Version/s: None
Fix Version/s: 2021
Component/s: FIWARE-TECH-HELP
Labels:

Source URL:
https://stackoverflow.com/questions/54998226/single-sign-on-keyrock-grafana-doesnt-work
HD-Enabler:
KeyRock

Description

Created question in FIWARE Q/A platform on 05-03-2019 at 09:03
Please, ANSWER this question AT https://stackoverflow.com/questions/54998226/single-sign-on-keyrock-grafana-doesnt-work

Question:
Single Sign on Keyrock-Grafana doesn't work

Description:
I'm trying to use Keyrock to offer Single Sign-on on different platforms. Specifically, I want to offer that service in Grafana. I've seen the configuration to be changed in Grafana and my docker-compose is like this:

version: "3.1"
services:

grafana:
image: grafana/grafana:5.1.0
ports:

3000:3000
networks:
default:
ipv4_address: 172.18.1.4
environment:
GF_AUTH_GENERIC_OAUTH_CLIENT_ID=90be8de5-69dc-4b9a-9cc3-962cca534410
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=9e98964b-5043-4086-9657-51f1d8c11fe0
GF_AUTH_GENERIC_OAUTH_ENABLED=true
GF_AUTH_GENERIC_OAUTH_AUTH_URL=http://172.18.1.5:3005/oauth2/authorize
GF_AUTH_GENERIC_OAUTH_TOKEN_URL=http://172.18.1.5:3005/oauth2/token
GF_AUTH_GENERIC_OAUTH_API_URL=http://172.18.1.5:3005/v1/users
GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP = true
GF_Server_DOMAIN=172.18.1.4
GF_Server_ROOT_URL=http://172.18.1.4:3000

keyrock:
image: fiware/idm:7.5.1
container_name: fiware-keyrock
hostname: keyrock
networks:
default:
ipv4_address: 172.18.1.5
depends_on:

mysql-db
ports:
"3005:3005"
"3443:3443"
environment:
DEBUG=idm:*
DATABASE_HOST=mysql-db
IDM_DB_PASS_FILE=/run/secrets/my_secret_data
IDM_DB_USER=root
IDM_HOST=http://localhost:3005
IDM_PORT=3005
IDM_HTTPS_ENABLED=false
IDM_HTTPS_PORT=3443
IDM_ADMIN_USER=admin
IDM_ADMIN_EMAIL=admin@test.com
IDM_ADMIN_PASS=test
secrets:
my_secret_data
healthcheck:
test: curl --fail -s http://localhost:3005/version || exit 1

mysql-db:
restart: always
image: mysql:5.7
hostname: mysql-db
container_name: db-mysql
expose:

"3306"
ports:
"3306:3306"
networks:
default:
ipv4_address: 172.18.1.6
environment:
"MYSQL_ROOT_PASSWORD_FILE=/run/secrets/my_secret_data"
"MYSQL_ROOT_HOST=172.18.1.5"
volumes:
mysql-db-sso:/var/lib/mysql
./mysql-data:/docker-entrypoint-initdb.d/:ro
secrets:
my_secret_data

networks:
default:
ipam:
config:

subnet: 172.18.1.0/24
volumes:
mysql-db-sso:

secrets:
my_secret_data:
file: ./secrets.txt

I have the Grafana application registered in Keyrock and has as callback http://172.18.1.4:3000/login. When I try to Sign-in in Grafana through Oauth it redirects me to the keyrock page to Sign-in, but when entering the credentials it returns me an invalid client_id, but it is the same one that returns Keyrock to me when obtaining the application information.

Is it possible that I lack something to configure or should it be done in another way?

Activity

Transition

Time In Source Status

Execution Times

Last Executer

Last Execution Date

Open

In Progress

1d 8h

Dmitrii Demin

06/Mar/19 8:06 PM

In Progress

Answered

59m 19s

Backlog Manager

06/Mar/19 9:06 PM

Answered

Closed

19h 58m

Dmitrii Demin

07/Mar/19 5:04 PM

People

Assignee:

Dmitrii Demin

Reporter:

Backlog Manager

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

05/Mar/19 12:06 PM

Updated:

27/May/21 10:54 AM

Resolved:

07/Mar/19 5:04 PM

Agile

View on Board