
Grafana

What is Grafana

Grafana is a multi-platform, open source analytics and interactive visualization web application. When connected to supported data sources, it provides charts, graphs, and alerts for the web. A Grafana Enterprise version with additional capabilities is also available. Grafana is extensible through a plug-in system.

The following placeholders will be used:

  • tidecloak.company is the FQDN of the Tidecloak install.
  • grafana.company is the FQDN of the Grafana install.

Tidecloak Configuration

  1. Click the realm dropdown and select your realm.
  2. Click Clients, then click the Create client button.
  3. Fill in the Client form and press Next.
       • Client type: OpenID Connect
       • Client ID: grafana-oidc
       • Name: grafana-oidc
       • Description:
  4. On the next page, turn Client authentication on.

Grafana Configuration

Docker

environment:
  GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
  GF_AUTH_GENERIC_OAUTH_NAME: "tidecloak"
  GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "<Client ID from above>"
  GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "<Client Secret from above>"
  GF_AUTH_GENERIC_OAUTH_SCOPES: "openid profile email"
  GF_AUTH_GENERIC_OAUTH_AUTH_URL: "https://tidecloak.company/realms/myrealm/protocol/openid-connect/auth"
  GF_AUTH_GENERIC_OAUTH_TOKEN_URL: "https://tidecloak.company/realms/myrealm/protocol/openid-connect/token"
  # Userinfo endpoint of the same realm as the auth and token URLs
  GF_AUTH_GENERIC_OAUTH_API_URL: "https://tidecloak.company/realms/myrealm/protocol/openid-connect/userinfo"
  GF_AUTH_SIGNOUT_REDIRECT_URL: "https://tidecloak.company/realms/myrealm/protocol/openid-connect/logout?client_id={Client ID from above}&post_logout_redirect_uri={grafana.company}"
  # Optionally enable auto-login (bypasses Grafana login screen)
  GF_AUTH_OAUTH_AUTO_LOGIN: "true"
  # Optionally map user groups to Grafana roles.
  # Needs a groups claim from Tidecloak; users in neither group become Viewer.
  GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'"
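
The client secret is sent to the token URL, so the endpoint settings above should be checked against the realm's published OIDC metadata before deployment. The following check is an added example, not part of the Tidecloak or Grafana documentation; it assumes the realm serves a standard discovery document at <realm URL>/.well-known/openid-configuration, and the metadata, environment values and the check_endpoints helper are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the realm publishes OIDC discovery metadata at
# <realm URL>/.well-known/openid-configuration. Constructed sample of it:
OIDC = "https://tidecloak.company/realms/myrealm/protocol/openid-connect"
DISCOVERY = {
    "issuer": "https://tidecloak.company/realms/myrealm",
    "authorization_endpoint": OIDC + "/auth",
    "token_endpoint": OIDC + "/token",
    "userinfo_endpoint": OIDC + "/userinfo",
    "end_session_endpoint": OIDC + "/logout",
}

# Grafana setting -> discovery field it has to agree with.
EXPECTED = {
    "GF_AUTH_GENERIC_OAUTH_AUTH_URL": "authorization_endpoint",
    "GF_AUTH_GENERIC_OAUTH_TOKEN_URL": "token_endpoint",
    "GF_AUTH_GENERIC_OAUTH_API_URL": "userinfo_endpoint",
    "GF_AUTH_SIGNOUT_REDIRECT_URL": "end_session_endpoint",
}

def check_endpoints(env, discovery):
    """Return (setting, problem) pairs; an empty list means the config is consistent."""
    issuer_host = urlsplit(discovery["issuer"]).netloc
    problems = []
    for setting, field in EXPECTED.items():
        if setting not in env:
            problems.append((setting, "not set"))
            continue
        url = urlsplit(env[setting])
        # Ignore the query string: the sign-out URL carries parameters.
        base = f"{url.scheme}://{url.netloc}{url.path}"
        if url.scheme != "https":
            problems.append((setting, "not https"))
        elif url.netloc != issuer_host:
            problems.append((setting, "host differs from issuer"))
        elif base != discovery[field]:
            problems.append((setting, "expected " + discovery[field]))
    return problems

# Constructed environment with one deliberate mistake in the userinfo URL.
SAMPLE_ENV = {
    "GF_AUTH_GENERIC_OAUTH_AUTH_URL": OIDC + "/auth",
    "GF_AUTH_GENERIC_OAUTH_TOKEN_URL": OIDC + "/token",
    "GF_AUTH_GENERIC_OAUTH_API_URL": "https://tidecloak.company/application/o/userinfo/",
    "GF_AUTH_SIGNOUT_REDIRECT_URL": OIDC + "/logout?client_id=grafana-oidc",
}

if __name__ == "__main__":
    for setting, problem in check_endpoints(SAMPLE_ENV, DISCOVERY):
        print(f"{setting}: {problem}")
```

In a real deployment, replace DISCOVERY with the JSON fetched from the realm and SAMPLE_ENV with the container's actual environment.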