...

Code Block
keytool -genkey -keyalg RSA -alias <YOUR_DOMAIN>.com -keystore "insights_app_sso.jks" -storepass <PASSWORD> -ext san=dns:<YOUR_DOMAIN>.com -validity 1000 -keysize 2048 -storetype JKS

keytool -list -v -keystore "insights_app_sso.jks"

keytool -certreq -alias <YOUR_DOMAIN>.com -keystore insights_app_sso.jks -storepass <PASSWORD> -file CertCA.crt

...

Sample Configuration:

...

Definitions:

| # | Key | Description |
|---|-----|-------------|
| 1 | entityId | Identifier (Entity ID) for your SAML configuration |
| 2 | appId | Copy the app ID from the App Federation Metadata Url |
| 3 | metadataUrl | App Federation Metadata Url |
| 4 | metdataFilePath | Download the SAML Signing Certificate from the SSO provider site and store it in INSIGHTS_HOME |
| 5 | keyStoreFilePath | Path of the certificate, like saml-keystore.jks. Download this certificate from your SSO provider URL |
| 6 | keyAlia | saml-keystore.jks username |
| 7 | keyPass | saml-keystore.jks password |
| 8 | keyStorePass | saml-keystore.jks password |
| 9 | appBaseUrl | Application service host URL. Example: https://<HostOrDomainName>/PlatformService |
| 10 | relayStateUrl | SSO login UI page URL. Example: https://<HostOrDomainName>/app/#/ssologin |
| 11 | defaultTargetUrl | Application user authenticate URL. Example: https://<HostOrDomainName>/user/authenticate |
| 12 | postLogoutURL | SAML or SSO provider logout URL. Example value: https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0 |
| 13 | tokenSigningKey | This is used as the secret key to sign the JWT token. It should be 128 characters. Example value: "insights_IDP_CogDevops_SSO_Token_string" |
| 14 | registrationId | A unique identifier for this configuration mapping. This identifier may be used in URI paths, so care should be taken that no URI encoding is required. |
| 15 | singleSignOnServiceLocation | The singleSignOnService location. |
| 16 | privatekeyLocation | Path of the generated private key. |

Disable SSO

  1. Set "autheticationProtocol":"NativeGrafana" in server-config.json.

  2. Set "autheticationProtocol":"NativeGrafana" in uiConfig.json.

  3. Open the Grafana defaults.ini file, disable proxy authentication in the [auth.proxy] section, and make sure that [auth.basic] is enabled.

  4. Remove the following from the Apache httpd vhost file Apache24\conf\extra\httpd-vhosts.conf:

    Code Block
    SetEnvIf Cookie "(^|;\ *)username=([^;\ ]+)" MyCookieValue=$2
    <If "%{env:MyCookieValue} != ''">
          RequestHeader set X-WEBAUTH-USER "%{MyCookieValue}e"
    </If>
  5. Restart the Apache httpd server and Grafana.

  6. Restart PlatformService and the UI.
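
A check for steps 1 to 4 above, as an added example that is not part of the original page or the product: it reports any file that still carries an SSO setting, including a leftover header rule in the vhost file. Assumptions: the "autheticationProtocol" key may sit at any depth in the two JSON files, the Grafana toggle is the `enabled` option of each section, and all sample inputs (including the "SAML" value) are constructed.

```python
import configparser
import json

KEY = "autheticationProtocol"  # key name spelled exactly as on the page

def find_key(node, key):
    """Yield every value stored under `key` anywhere in parsed JSON."""
    if isinstance(node, dict):
        for k, v in node.items():
            if k == key:
                yield v
            yield from find_key(v, key)
    elif isinstance(node, list):
        for item in node:
            yield from find_key(item, key)

def ini_flag(ini_text, section):
    """Return the lower-cased `enabled` value of a section, '' if absent."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string("[_top_]\n" + ini_text)  # tolerate keys before any section
    return cp.get(section, "enabled", fallback="").strip().lower()

def check_sso_disabled(server_cfg, ui_cfg, grafana_ini, vhost):
    """Return a list of findings; an empty list means steps 1-4 are done."""
    problems = []
    for name, text in (("server-config.json", server_cfg), ("uiConfig.json", ui_cfg)):
        values = list(find_key(json.loads(text), KEY))
        if values != ["NativeGrafana"]:
            problems.append(f"{name}: {KEY} is {values}")
    if ini_flag(grafana_ini, "auth.proxy") != "false":
        problems.append("defaults.ini: [auth.proxy] is not disabled")
    if ini_flag(grafana_ini, "auth.basic") != "true":
        problems.append("defaults.ini: [auth.basic] is not enabled")
    for n, line in enumerate(vhost.splitlines(), 1):
        s = line.strip()  # lines starting with '#' are Apache comments
        if not s.startswith("#") and any(t in s.lower() for t in ("x-webauth-user", "mycookievalue")):
            problems.append(f"httpd-vhosts.conf:{n}: {s}")
    return problems

# Constructed sample file contents: an unfinished rollback, then a finished one.
NATIVE = '{"autheticationProtocol": "NativeGrafana"}'
HALF_DONE = (NATIVE, '{"ui": {"autheticationProtocol": "SAML"}}',  # placeholder value
             "[auth.proxy]\nenabled = true\n[auth.basic]\nenabled = true\n",
             'SetEnvIf Cookie "(^|;\\ *)username=([^;\\ ]+)" MyCookieValue=$2\n'
             'RequestHeader set X-WEBAUTH-USER "%{MyCookieValue}e"\n')
DONE = (NATIVE, NATIVE, "[auth.proxy]\nenabled = false\n[auth.basic]\nenabled = true\n",
        "# SSO header rules removed\n")

if __name__ == "__main__":
    print("\n".join(check_sso_disabled(*HALF_DONE)))
```

Pass the contents of the four real files as strings in place of the samples; an empty result means the restarts in steps 5 and 6 can go ahead.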

...