Versions Compared

Version Old Version 1 New Version 2
Changes made by

Pooja Gupta (Unlicensed)

Pooja Gupta (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Introduction

Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. The service authenticates the end user for all the applications the user has rights to and eliminates further prompts when the user switches applications during the same session.

Ability to authenticate to Insights using the existing JWT token. Pasting the text which has been received from the customer. Insights will consume this auth token to validate user and log in to grafana Insights does not create new JWT token but relies on shared token by client system., Insights application will consume this JWT token to authenticate and authorize user.

Prerequisite

  • Currently JWT authentication support only through iframe Insights will consume Shared JWT token, user application send this token to insights application using iframe

  • JWT signing key must 256 character as per latest JWT specification.

Enable SSO

  1. In server-config.json,

    1. change "autheticationProtocol":”JWT”

    2. In singleSignOnConfig section set following three properties

    3. Add application host name in insightsServiceURL in server-config.json

    4. Add host information in  trustedHosts in server-config.json

  2. In uiConfig.json,

    1. change "autheticationProtocol":”JWT”

    2. singleSignOnConfig section to "singleSignOnConfig": {
      "loginURL": "/PlatformService/user/insightsso/authenticateJWT",
      "logoutURL": "/PlatformService/user/insightsso/logout"
      },

  3. Open grafana default.ini file and enable following [auth.proxy] section, do not change other property[auth.proxy]
    enabled = true
    header_name = X-WEBAUTH-USER
    header_property = username
    auto_sign_up = true
    ldap_sync_ttl = 60
    whitelist =
    headers =

...

6. Open user application and open insights application as iframe.

Disable SSO

  1. Mark "autheticationProtocol":"NativeGrafana" in server-config.json

  2. Mark "autheticationProtocol":"NativeGrafana" in uiConfig.json

  3. Open grafana default.ini file and disable in [auth.proxy] section and make sure that [auth.basic] enabled 

  4. Remove following in Apache Httpd vhost file Apache24\conf\extra\httpd-vhosts.conf

...