Logging in to Grafana with OAuth2 via Azure Active Directory

First, create an application in the Azure Portal.

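Azure AD -> App registrations -> New application registration. Enter any Display name, and set the Reply URL to http://example.com/login/generic_oauth (replace the domain part with your real one). Click Create. Once the application is created, go to Settings -> Keys, enter any description in the Password table, select Never expires for expires, and click Save. The value field will then show a random key string; write this string down.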

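Next, you need to copy:

  • The Azure AD GUID (visible after clicking Directory + subscription in the top-right corner of the Portal)
  • The Application ID of the application you just created (visible on the Registered app page)
  • The Secret, i.e. the Key you just created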

Then edit the Grafana configuration file /etc/grafana/grafana.ini:

#################################### Generic OAuth ##########################
[auth.generic_oauth]
enabled = true
name = Azure AD
allow_sign_up = true
client_id = <Application GUID>
client_secret = <Secret>
scopes = openid email name
auth_url = https://login.microsoftonline.com/<Directory GUID>/oauth2/authorize
token_url = https://login.microsoftonline.com/<Directory GUID>/oauth2/token
api_url = 
team_ids =
allowed_organizations =
;tls_skip_verify_insecure = false
;tls_client_cert =
;tls_client_key =
;tls_client_ca =

; Set to true to enable sending client_id and client_secret via POST body instead of Basic authentication HTTP header
; This might be required if the OAuth provider is not RFC6749 compliant, only supporting credentials passed via POST payload
;send_client_credentials_via_post = false

Restart Grafana and you are done.
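Before restarting, the edited section can be checked for leftover placeholders, mismatched Directory GUIDs between auth_url and token_url, and a disabled TLS check. The following is an added example, not part of the original post; the function name check_generic_oauth is hypothetical, and the GUIDs and secret in the sample are constructed.

```python
import configparser
import re
from urllib.parse import urlparse

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
# Constructed sample: keys from the post, filled with made-up GUIDs and secret.
SAMPLE_INI = """
[auth.generic_oauth]
enabled = true
client_id = 11111111-2222-3333-4444-555555555555
client_secret = constructed-secret-value
scopes = openid email name
auth_url = https://login.microsoftonline.com/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/oauth2/authorize
token_url = https://login.microsoftonline.com/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/oauth2/token
;tls_skip_verify_insecure = false
"""

def check_generic_oauth(ini_text):
    """Return a list of problems found in the [auth.generic_oauth] section."""
    cp = configparser.ConfigParser(interpolation=None)  # '#' and ';' lines are comments
    cp.read_string(ini_text)
    if not cp.has_section("auth.generic_oauth"):
        return ["section [auth.generic_oauth] is missing"]
    s = cp["auth.generic_oauth"]
    problems = []
    if s.get("enabled", "false").strip().lower() != "true":
        problems.append("enabled is not true")
    if not GUID.match(s.get("client_id", "").strip()):
        problems.append("client_id is not a GUID (placeholder left in?)")
    secret = s.get("client_secret", "").strip()
    if not secret or secret.startswith("<"):
        problems.append("client_secret is empty or still a placeholder")
    tenants = set()
    for key, tail in (("auth_url", "/oauth2/authorize"), ("token_url", "/oauth2/token")):
        u = urlparse(s.get(key, "").strip())
        tenant = (u.path.split("/") + ["", ""])[1]  # first path segment = Directory GUID
        if u.scheme != "https" or u.hostname != "login.microsoftonline.com":
            problems.append(f"{key} must be https://login.microsoftonline.com/...")
        if not GUID.match(tenant) or not u.path.endswith(tail):
            problems.append(f"{key} path is not /<Directory GUID>{tail}")
        tenants.add(tenant.lower())
    if len(tenants) > 1:
        problems.append("auth_url and token_url point at different directories")
    if s.get("tls_skip_verify_insecure", "false").strip().lower() == "true":
        problems.append("tls_skip_verify_insecure = true disables certificate checks")
    return problems

if __name__ == "__main__":
    print(check_generic_oauth(SAMPLE_INI) or "no problems found")
```

To check a real file, pass the contents of /etc/grafana/grafana.ini to the function instead of the sample string.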
