Versions Compared

Version Old Version 14 New Version 15
Changes made by

Tharun Kumar K

Gaurav (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Refer the below link to setup Microsoft AD using Azure Portal for SAML authentication:

...

Code Block
keytool -genkey -keyalg RSA -alias <YOUR_DOMAIN>.com -keystore "insights_app_sso_28Apr.jks" -storepass <PASSWORD> -ext san=dns:<YOUR_DOMAIN>.com -validity 1000 -keysize 2048

-storetype JKS

keytool -list -v -keystore "insights_app_sso_28Apr.jks"

keytool -certreq -alias <YOUR_DOMAIN>.com -keystore insights_app_sso_28Apr.jks -storepass <PASSWORD> -file CertCA.crt

...

Steps to Import SAML provider (Azure AD ) certs to JKS keystore. Insights_SAML_SSO.cer is provider cert and download from Azure AD portal

Code Block
keytool -importcertimport cert -file Insights_SAML_SSO.cer -keystore insights_app_sso_28Apr.jks -alias insights_app_sso_28Apr_imported

keytool -importkeystore -srckeystore insights_app_sso_28Apr.jks -destkeystore insights_app_sso_28Apr.p12 -deststoretype PKCS12

openssl pkcs12 -in insights_app_sso_28Apr.p12 -nokeys -out insights_app_sso_28Apr.crt

openssl pkcs12 -in insights_app_sso_28Apr.p12 -nocerts -nodes -out insights_app_sso_28Apr.key

Enable SSO

  1. In server-config.json, change "autheticationProtocol": “SAML”.

  2. In uiConfig.json, change "autheticationProtocol": “SAML”.

  3. Open Grafana defaults.ini file and enable following [auth.proxy] section, do not change other property

    Code Block
    [auth.proxy]
enabled = true
header_name = X-WEBAUTH-USER
header_property = username
auto_sign_up = true
sync_ttl = 60
whitelist =
headers =
headers_encoded = true
enable_login_token = false

  4. Add following in Apache Httpd vhost file Apache24\conf\extra\httpd-vhosts.conf.

    Code Block
    SetEnvIf Cookie "(^|;\ *)username=([^;\ ]+)" MyCookieValue=$2
<If "%{env:MyCookieValue} != ''">
	  RequestHeader set X-WEBAUTH-USER "%{MyCookieValue}e"
</If>

  5. Restart Apache httpd server and Grafana.

  6. Add your SAML or SSO provider detail in server.config.json under “singleSignOnConfig” section.

  7. We can configure either metadataUrl or the metadataFilePath.

  8. Add application host name in insightsServiceURL in server-config.json.

  9. Add host information in  trustedHosts in server-config.json.

  10. Restart PlatformService and UI.

  11. Call URL https://<HostOrDomainName>/insights.

  12.   Login with your organization credential.

...