Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Introduction

Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. The service authenticates the end user for all the applications the user has rights to and eliminates further prompts when the user switches applications during the same session.

Ability to authenticate to Insights using the existing JWT token. Pasting the text which has been received from the customer. Insights will consume this auth token to validate user and log in to grafana.

Prerequisite

  • Currently JWT authentication support through iframe

  • Insights will consume Shared JWT token, user application send this token to insights application using iframe.

Enable SSO

  1. In server-config.json,

    1. change "autheticationProtocol":”JWT”

    2. In singleSignOnConfig section set following three properties

    3. Add application host name in insightsServiceURL in server-config.json

    4. Add host information in  trustedHosts in server-config.json

  2. In uiConfig.json,

    1. change "autheticationProtocol":”JWT”

    2. singleSignOnConfig section to "singleSignOnConfig": {
      "loginURL": "/PlatformService/user/insightsso/authenticateJWT",
      "logoutURL": "/PlatformService/user/insightsso/logout"
      },

  3. Open grafana default.ini file and enable following [auth.proxy] section, do not change other property[auth.proxy]
    enabled = true
    header_name = X-WEBAUTH-USER
    header_property = username
    auto_sign_up = true
    ldap_sync_ttl = 60
    whitelist =
    headers =

4. Add following in Apache Httpd vhost file Apache24\conf\extra\httpd-vhosts.conf

SetEnvIf Cookie "(^|;\ *)username=([^;\ ]+)" MyCookieValue=$2
<If "%{env:MyCookieValue} != ''">
RequestHeader set X-WEBAUTH-USER "%{MyCookieValue}e"
</If>

5. Restart Apache httpd server, Grafana and Apache Tomcat.

6. Open user application and open insights application as iframe.

Disable SSO

  1. Mark "autheticationProtocol":"NativeGrafana" in server-config.json

  2. Mark "autheticationProtocol":"NativeGrafana" in uiConfig.json

  3. Open grafana default.ini file and disable in [auth.proxy] section and make sure that [auth.basic] enabled 

  4. Remove following in Apache Httpd vhost file Apache24\conf\extra\httpd-vhosts.conf

SetEnvIf Cookie "(^|;\ *)username=([^;\ ]+)" MyCookieValue=$2
<If "%{env:MyCookieValue} != ''">
RequestHeader set X-WEBAUTH-USER "%{MyCookieValue}e"
</If>

5.Restart Apache httpd server and Grafana

6.Restart Apache Tomcat

  • No labels

©2021 Cognizant, all rights reserved. US Patent 10,410,152