...
| Code Block |
|---|
keytool -importcert -file Insights_SAML_SSO.cer -keystore insights_app_sso.jks -alias insights_app_sso_28Apr_imported
keytool -importkeystore -srckeystore insights_app_sso.jks -destkeystore insights_app_sso.p12 -deststoretype PKCS12
openssl pkcs12 -in insights_app_sso.p12 -nokeys -out insights_app_sso.crt
openssl pkcs12 -in insights_app_sso.p12 -nocerts -nodes -out insights_app_sso.key
openssl pkcs8 -topk8 -in insights_app_sso.key -out insights_private.key -nocrypt
#insights_private.key will be the private key used for SSO configuration |
Enable SSO
In server-config.json, change "autheticationProtocol": “SAML”.
In uiConfig.json, change "autheticationProtocol": “SAML”.
Open Grafana defaults.ini file and enable following [auth.proxy] section, do not change other property
Code Block [auth.proxy] enabled = true header_name = X-WEBAUTH-USER header_property = username auto_sign_up = true sync_ttl = 60 whitelist = headers = headers_encoded = true enable_login_token = false
Add following in Apache Httpd vhost file Apache24\conf\extra\httpd-vhosts.conf.
Code Block SetEnvIf Cookie "(^|;\ *)username=([^;\ ]+)" MyCookieValue=$2 <If "%{env:MyCookieValue} != ''"> RequestHeader set X-WEBAUTH-USER "%{MyCookieValue}e" </If>Restart Apache httpd server and Grafana.
Add your SAML or SSO provider detail in server.config.json under “singleSignOnConfig” section.
We can configure either metadataUrl or the metadataFilePath.
Add application host name in insightsServiceURL in server-config.json.
Add host information in trustedHosts in server-config.json.
Restart PlatformService and UI.
Call URL https://<HostOrDomainName>/insights.
Login with your organization credential.
...