[Backlogmanager] [FIWARE-JIRA] (HELP-15534) [fiware-stackoverflow] Single Sign on Keyrock-Grafana doesn't work

Dmitrii Demin (JIRA) jira-help-desk at jira.fiware.org
Wed Mar 6 20:07:00 CET 2019


     [ https://jira.fiware.org/browse/HELP-15534?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dmitrii Demin updated HELP-15534:
---------------------------------
    Status: In Progress  (was: Open)

> [fiware-stackoverflow] Single Sign on Keyrock-Grafana doesn't work
> ----------------------------------------------------------------------
>
>                 Key: HELP-15534
>                 URL: https://jira.fiware.org/browse/HELP-15534
>             Project: Help-Desk
>          Issue Type: Monitor
>          Components: FIWARE-TECH-HELP
>            Reporter: Backlog Manager
>            Assignee: Dmitrii Demin
>              Labels: fiware, fiware-keyrock, grafana, single-sign-on
>
> Created question in FIWARE Q/A platform on 05-03-2019 at 09:03
> {color: red}Please, ANSWER this question AT{color} https://stackoverflow.com/questions/54998226/single-sign-on-keyrock-grafana-doesnt-work
> +Question:+
> Single Sign on Keyrock-Grafana doesn't work
> +Description:+
> I'm trying to use Keyrock to offer Single Sign-on on different platforms. Specifically, I want to offer that service in Grafana. I've seen the configuration to be changed in Grafana and my docker-compose is like this:
>     version: "3.1"
>     services:
>       grafana:
>         image: grafana/grafana:5.1.0
>         ports:
>           - 3000:3000
>         networks:
>           default:
>            ipv4_address: 172.18.1.4
>         environment:
>           - GF_AUTH_GENERIC_OAUTH_CLIENT_ID=90be8de5-69dc-4b9a-9cc3-962cca534410
>           - GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=9e98964b-5043-4086-9657-51f1d8c11fe0
>           - GF_AUTH_GENERIC_OAUTH_ENABLED=true
>           - GF_AUTH_GENERIC_OAUTH_AUTH_URL=http://172.18.1.5:3005/oauth2/authorize
>           - GF_AUTH_GENERIC_OAUTH_TOKEN_URL=http://172.18.1.5:3005/oauth2/token
>           - GF_AUTH_GENERIC_OAUTH_API_URL=http://172.18.1.5:3005/v1/users
>           - GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP = true
>           - GF_Server_DOMAIN=172.18.1.4
>           - GF_Server_ROOT_URL=http://172.18.1.4:3000
>       keyrock:
>         image: fiware/idm:7.5.1
>         container_name: fiware-keyrock
>         hostname: keyrock
>         networks:
>           default:
>             ipv4_address: 172.18.1.5
>         depends_on:
>           - mysql-db
>         ports:
>           - "3005:3005"
>           - "3443:3443"
>         environment:
>           - DEBUG=idm:*
>           - DATABASE_HOST=mysql-db
>           - IDM_DB_PASS_FILE=/run/secrets/my_secret_data
>           - IDM_DB_USER=root
>           - IDM_HOST=http://localhost:3005
>           - IDM_PORT=3005
>           - IDM_HTTPS_ENABLED=false
>           - IDM_HTTPS_PORT=3443
>           - IDM_ADMIN_USER=admin
>           - IDM_ADMIN_EMAIL=admin at test.com
>           - IDM_ADMIN_PASS=test
>         secrets:                
>           - my_secret_data
>         healthcheck:
>           test: curl --fail -s http://localhost:3005/version || exit 1
>       mysql-db:
>         restart: always
>         image: mysql:5.7
>         hostname: mysql-db
>         container_name: db-mysql
>         expose:
>           - "3306"
>         ports:
>           - "3306:3306"
>         networks:
>           default:
>             ipv4_address: 172.18.1.6
>         environment:
>           - "MYSQL_ROOT_PASSWORD_FILE=/run/secrets/my_secret_data"
>           - "MYSQL_ROOT_HOST=172.18.1.5"
>         volumes:
>           - mysql-db-sso:/var/lib/mysql
>           - ./mysql-data:/docker-entrypoint-initdb.d/:ro
>         secrets:                
>           - my_secret_data
>     networks:
>       default:
>         ipam:
>           config:
>             - subnet: 172.18.1.0/24
>     volumes:
>       mysql-db-sso:
>     secrets:
>       my_secret_data:
>         file: ./secrets.txt
> I have the Grafana application registered in Keyrock, and it has http://172.18.1.4:3000/login as its callback. When I try to sign in to Grafana through OAuth, it redirects me to the Keyrock page to sign in, but after I enter the credentials it returns an invalid client_id, even though it is the same one that Keyrock returns to me when I obtain the application information.
> Is it possible that I lack something to configure or should it be done in another way?



--
This message was sent by Atlassian JIRA
(v6.4.1#64016)
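
An added check, not part of the original message and not Grafana or Keyrock code: a small linter run over the Grafana environment list quoted above. Its findings are configuration hygiene points and are not offered as the cause of the reported invalid client_id error; the function name and the sample list (credentials replaced by placeholders) are constructed for this example.

```python
from urllib.parse import urlsplit

# Constructed sample: the Grafana "environment" list from the quoted question,
# with the client id and secret replaced by placeholders.
GRAFANA_ENV = [
    "GF_AUTH_GENERIC_OAUTH_CLIENT_ID=<client-id>",
    "GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=<client-secret>",
    "GF_AUTH_GENERIC_OAUTH_ENABLED=true",
    "GF_AUTH_GENERIC_OAUTH_AUTH_URL=http://172.18.1.5:3005/oauth2/authorize",
    "GF_AUTH_GENERIC_OAUTH_TOKEN_URL=http://172.18.1.5:3005/oauth2/token",
    "GF_AUTH_GENERIC_OAUTH_API_URL=http://172.18.1.5:3005/v1/users",
    "GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP = true",
    "GF_Server_DOMAIN=172.18.1.4",
    "GF_Server_ROOT_URL=http://172.18.1.4:3000",
]


def lint_grafana_env(entries):
    """Return (variable, finding) pairs for a compose-style KEY=VALUE list."""
    findings = []
    for entry in entries:
        name, sep, value = entry.partition("=")
        if not sep:
            continue  # bare NAME: the value is inherited from the host
        if name != name.strip() or value != value.strip():
            # List-form entries are split at the first "=", so any padding
            # ends up inside the variable name and the value.
            findings.append((name.strip(), "whitespace around '='"))
            name, value = name.strip(), value.strip()
        if name.upper().startswith("GF_") and name != name.upper():
            # Grafana documents its overrides as upper-case GF_<SECTION>_<KEY>.
            findings.append((name, "override name is not upper-case"))
        name = name.upper()
        if name.endswith("_CLIENT_SECRET") and value and not value.startswith("$"):
            findings.append((name, "client secret stored inline"))
        if name.startswith("GF_AUTH_") and name.endswith("_URL"):
            if urlsplit(value).scheme != "https":
                # Authorization codes, tokens and the client secret cross
                # these endpoints, so plain HTTP exposes them on the network.
                findings.append((name, "OAuth endpoint is not HTTPS"))
    return findings


if __name__ == "__main__":
    for variable, finding in lint_grafana_env(GRAFANA_ENV):
        print(f"{variable}: {finding}")
```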

