Single sign-on authentication on Django and Grafana2019 Community Moderator ElectionHow to merge two dictionaries in a single expression?What is a “slug” in Django?Django - Set Up A Scheduled Job?How do I do a not equal in Django queryset filtering?Django: Redirect to previous page after loginDoes Django scale?How to debug in Django, the good way?What is the meaning of a single and a double underscore before an object name?How to check Django versiondifferentiate null=True, blank=True in django

What is the likely impact of grounding an entire aircraft series?

What are the pros and cons of practising figure-eight landings on perpendicular runways?

Is "history" a male-biased word ("his+story")?

Do Bugbears' arms literally get longer when it's their turn?

How do I locate a classical quotation?

Time travel short story where dinosaur doesn't taste like chicken

Do I really need to have a scientific explanation for my premise?

PTIJ: Why can't I eat anything?

Single word request: Harming the benefactor

Algorithm to convert a fixed-length string to the smallest possible collision-free representation?

Latest web browser compatible with Windows 98

What are some noteworthy "mic-drop" moments in math?

Does splitting a potentially monolithic application into several smaller ones help prevent bugs?

Could you please stop shuffling the deck and play already?

Am I not good enough for you?

Offered promotion but I'm leaving. Should I tell?

Good allowance savings plan?

Why is Beresheet doing a only a one-way trip?

Who deserves to be first and second author? PhD student who collected data, research associate who wrote the paper or supervisor?

Why does Captain Marvel assume the planet where she lands would recognize her credentials?

What to do when during a meeting client people start to fight (even physically) with each others?

Word for a person who has no opinion about whether god exists

Rejected in 4th interview round citing insufficient years of experience

Unreachable code, but reachable with exception

Single sign-on authentication on Django and Grafana

2019 Community Moderator ElectionHow to merge two dictionaries in a single expression?What is a “slug” in Django?Django - Set Up A Scheduled Job?How do I do a not equal in Django queryset filtering?Django: Redirect to previous page after loginDoes Django scale?How to debug in Django, the good way?What is the meaning of a single and a double underscore before an object name?How to check Django versiondifferentiate null=True, blank=True in django

I'm using grafana iframes in my HTML page running in k, but every time I open my page to view the embedded graphs I need to access grafana and thus login to authenticate my user, my Django application already has a login page, I would like to use only one login on my page and send a proxy request to grafana, so I do not need to perform two logins every time I open my application.

View

class GraphanaProxyView(ProxyView):
 upstream = 'http://172.30.3.141:3000/'

 def get_proxy_request_headers(self, request):
 headers = super(GraphanaProxyView, self).get_proxy_request_headers(request)
 headers['X-WEBAUTH-USER'] = request.user.username
 return headers

Urls

url(r'^grafana/(?P<path>.*)$', views.GraphanaProxyView.as_view(), name='graphana-dashboards'),

Config Grafana

grafana:
 image: grafana/grafana:latest
 container_name: grafana
 restart: always
 ports:
 - "3000:3000"
 volumes:
 - "./grafana/datastore:/var/lib/grafana"

 environment:
 - GF_SMTP_ENABLED=true 
 - GF_SMTP_HOST=smtp.gmail.com:587
 - GF_SMTP_USER=user@domain.com.br
 - GF_SMTP_PASSWORD=password
 - GF_SMTP_FROM_NAME=Grafana Snipped
 - GF_SMTP_SKIP_VERIFY=true


 - GF_AUTH_ANONYMOUS_ENABLED=true
 - GF_AUTH_ANONYMOUS_ORG_NAME=View
 - GF_AUTH_ANONYMOUS_ORG_ROLE=View
 - GF_USERS_ALLOW_SIGN_UP=false

 - GF_AUTH_PROXY_ENABLED=true
 - GF_AUTH_PROXY_HEADER_NAME = X-WEBAUTH-USER
 - GF_AUTH_PROXY_HEADER_PROPERTY=username 
 - GF_AUTH_PROXY_AUTO_SIGN_UP=true 
 - GF_AUTH_PROXY_LDAP_SYNC_TTL=60
 - GF_AUTH_PROXY_WHITELIST = 172.30.3.207
 - GF_SERVER_DOMAIN = 172.30.3.141

I'm getting this error when accessing URL:

If you're seeing this Grafana has failed to load its application files

This could be caused by your reverse proxy settings.

If you host grafana under subpath make sure your grafana.ini root_path setting includes subpath

If you have a local dev build make sure you build frontend using: npm run dev, npm run watch, or npm run build

Sometimes restarting grafana-server can help

edited Mar 6 at 17:32

Sagar P. Ghagare

5292721

asked Mar 6 at 16:25

Gabriel Santos

New contributor

add a comment |

View

class GraphanaProxyView(ProxyView):
 upstream = 'http://172.30.3.141:3000/'

 def get_proxy_request_headers(self, request):
 headers = super(GraphanaProxyView, self).get_proxy_request_headers(request)
 headers['X-WEBAUTH-USER'] = request.user.username
 return headers

Urls

url(r'^grafana/(?P<path>.*)$', views.GraphanaProxyView.as_view(), name='graphana-dashboards'),

Config Grafana

grafana:
 image: grafana/grafana:latest
 container_name: grafana
 restart: always
 ports:
 - "3000:3000"
 volumes:
 - "./grafana/datastore:/var/lib/grafana"

 environment:
 - GF_SMTP_ENABLED=true 
 - GF_SMTP_HOST=smtp.gmail.com:587
 - GF_SMTP_USER=user@domain.com.br
 - GF_SMTP_PASSWORD=password
 - GF_SMTP_FROM_NAME=Grafana Snipped
 - GF_SMTP_SKIP_VERIFY=true


 - GF_AUTH_ANONYMOUS_ENABLED=true
 - GF_AUTH_ANONYMOUS_ORG_NAME=View
 - GF_AUTH_ANONYMOUS_ORG_ROLE=View
 - GF_USERS_ALLOW_SIGN_UP=false

 - GF_AUTH_PROXY_ENABLED=true
 - GF_AUTH_PROXY_HEADER_NAME = X-WEBAUTH-USER
 - GF_AUTH_PROXY_HEADER_PROPERTY=username 
 - GF_AUTH_PROXY_AUTO_SIGN_UP=true 
 - GF_AUTH_PROXY_LDAP_SYNC_TTL=60
 - GF_AUTH_PROXY_WHITELIST = 172.30.3.207
 - GF_SERVER_DOMAIN = 172.30.3.141

I'm getting this error when accessing URL:

If you're seeing this Grafana has failed to load its application files

This could be caused by your reverse proxy settings.

If you host grafana under subpath make sure your grafana.ini root_path setting includes subpath

If you have a local dev build make sure you build frontend using: npm run dev, npm run watch, or npm run build

Sometimes restarting grafana-server can help

edited Mar 6 at 17:32

Sagar P. Ghagare

5292721

asked Mar 6 at 16:25

Gabriel Santos

New contributor

add a comment |

View

class GraphanaProxyView(ProxyView):
 upstream = 'http://172.30.3.141:3000/'

 def get_proxy_request_headers(self, request):
 headers = super(GraphanaProxyView, self).get_proxy_request_headers(request)
 headers['X-WEBAUTH-USER'] = request.user.username
 return headers

Urls

url(r'^grafana/(?P<path>.*)$', views.GraphanaProxyView.as_view(), name='graphana-dashboards'),

Config Grafana

grafana:
 image: grafana/grafana:latest
 container_name: grafana
 restart: always
 ports:
 - "3000:3000"
 volumes:
 - "./grafana/datastore:/var/lib/grafana"

 environment:
 - GF_SMTP_ENABLED=true 
 - GF_SMTP_HOST=smtp.gmail.com:587
 - GF_SMTP_USER=user@domain.com.br
 - GF_SMTP_PASSWORD=password
 - GF_SMTP_FROM_NAME=Grafana Snipped
 - GF_SMTP_SKIP_VERIFY=true


 - GF_AUTH_ANONYMOUS_ENABLED=true
 - GF_AUTH_ANONYMOUS_ORG_NAME=View
 - GF_AUTH_ANONYMOUS_ORG_ROLE=View
 - GF_USERS_ALLOW_SIGN_UP=false

 - GF_AUTH_PROXY_ENABLED=true
 - GF_AUTH_PROXY_HEADER_NAME = X-WEBAUTH-USER
 - GF_AUTH_PROXY_HEADER_PROPERTY=username 
 - GF_AUTH_PROXY_AUTO_SIGN_UP=true 
 - GF_AUTH_PROXY_LDAP_SYNC_TTL=60
 - GF_AUTH_PROXY_WHITELIST = 172.30.3.207
 - GF_SERVER_DOMAIN = 172.30.3.141

I'm getting this error when accessing URL:

If you're seeing this Grafana has failed to load its application files

This could be caused by your reverse proxy settings.

If you host grafana under subpath make sure your grafana.ini root_path setting includes subpath

If you have a local dev build make sure you build frontend using: npm run dev, npm run watch, or npm run build

Sometimes restarting grafana-server can help

edited Mar 6 at 17:32

Sagar P. Ghagare

5292721

asked Mar 6 at 16:25

Gabriel Santos

New contributor

View

class GraphanaProxyView(ProxyView):
 upstream = 'http://172.30.3.141:3000/'

 def get_proxy_request_headers(self, request):
 headers = super(GraphanaProxyView, self).get_proxy_request_headers(request)
 headers['X-WEBAUTH-USER'] = request.user.username
 return headers

Urls

url(r'^grafana/(?P<path>.*)$', views.GraphanaProxyView.as_view(), name='graphana-dashboards'),

Config Grafana

grafana:
 image: grafana/grafana:latest
 container_name: grafana
 restart: always
 ports:
 - "3000:3000"
 volumes:
 - "./grafana/datastore:/var/lib/grafana"

 environment:
 - GF_SMTP_ENABLED=true 
 - GF_SMTP_HOST=smtp.gmail.com:587
 - GF_SMTP_USER=user@domain.com.br
 - GF_SMTP_PASSWORD=password
 - GF_SMTP_FROM_NAME=Grafana Snipped
 - GF_SMTP_SKIP_VERIFY=true


 - GF_AUTH_ANONYMOUS_ENABLED=true
 - GF_AUTH_ANONYMOUS_ORG_NAME=View
 - GF_AUTH_ANONYMOUS_ORG_ROLE=View
 - GF_USERS_ALLOW_SIGN_UP=false

 - GF_AUTH_PROXY_ENABLED=true
 - GF_AUTH_PROXY_HEADER_NAME = X-WEBAUTH-USER
 - GF_AUTH_PROXY_HEADER_PROPERTY=username 
 - GF_AUTH_PROXY_AUTO_SIGN_UP=true 
 - GF_AUTH_PROXY_LDAP_SYNC_TTL=60
 - GF_AUTH_PROXY_WHITELIST = 172.30.3.207
 - GF_SERVER_DOMAIN = 172.30.3.141

I'm getting this error when accessing URL:

If you're seeing this Grafana has failed to load its application files

This could be caused by your reverse proxy settings.

If you host grafana under subpath make sure your grafana.ini root_path setting includes subpath

If you have a local dev build make sure you build frontend using: npm run dev, npm run watch, or npm run build

Sometimes restarting grafana-server can help

python django

edited Mar 6 at 17:32

Sagar P. Ghagare

5292721

asked Mar 6 at 16:25

Gabriel Santos

New contributor

edited Mar 6 at 17:32

Sagar P. Ghagare

5292721

asked Mar 6 at 16:25

Gabriel Santos

New contributor

edited Mar 6 at 17:32

Sagar P. Ghagare

5292721

edited Mar 6 at 17:32

Sagar P. Ghagare

5292721

edited Mar 6 at 17:32

Sagar P. Ghagare

5292721

asked Mar 6 at 16:25

Gabriel Santos

New contributor

asked Mar 6 at 16:25

Gabriel Santos

asked Mar 6 at 16:25

Gabriel Santos

New contributor

Gabriel Santos is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment |

1 Answer
1

active

oldest

votes

thank you for contacting me by email also.

For the sake of completeness I re-post here the answered I have given to the original post in Stackoverflow Portugal: https://pt.stackoverflow.com/questions/362727/autentica%C3%A7%C3%A3o-single-sign-on-django-e-grafana

Your report is almost complete, great!

Given the warning

This setting is also important if you have a reverse proxy in front of Grafana that exposes it through a subpath. In that case add the subpath to the end of this URL setting.

at http://docs.grafana.org/installation/configuration/#root-url

a fault can be the setting of the GF_SERVER_DOMAIN envvar that should be replaced by the GF_SERVER_ROOT_URL=http://172.30.3.141:3000/ that holds the port (and this would mean a bug of Grafana documentation...)

If not this, only two other questions come to my mind to identify the issue:

does your request.user.username match the Grafana username?

what is the "src" attribute of your iframe? It must be https://172.30.3.207/grafana/(dashboard path)

beside this basic questions I suggest you to try to remove the GF_AUTH_PROXY_WHITELIST envvar and to try to authenticate via curl like:

curl -H "X-WEBAUTH-USER: anthony" http://172.30.3.141:3000/api/user

as you can find at http://docs.grafana.org/auth/auth-proxy/#interacting-with-grafana-s-authproxy-via-curl

Follows my Django view and my grafana config to reach the working result, but seen no meaningful differences:

class GraphanaProxyView(ProxyView):
upstream = 'http://localhost:8891/dashboard/'

def get_proxy_request_headers(self, request):
 headers = super(GraphanaProxyView, self).get_proxy_request_headers(request)
 headers['X-WEBAUTH-APP-USER'] = request.user.username
 return header

Grafana config:

[auth]
disable_login_form = true

[auth.proxy]
enabled = true
header_name = X-WEBAUTH-APP-USER
;header_property = username
;auto_sign_up = true
;ldap_sync_ttl = 60
whitelist = 127.0.0.1

[auth.basic]
enabled = false


[server]
protocol = http
http_addr = 127.0.0.1
http_port = 8891

domain = solomon.labs.befair.it
;enforce_domain = false
root_url = https://%(domain)s/ui/

edited Mar 7 at 9:07

answered Mar 7 at 8:54

fero

1814

add a comment |

Your Answer

StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);

);

Gabriel Santos is a new contributor. Be nice, and check out our Code of Conduct.

draft saved

draft discarded

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55027833%2fsingle-sign-on-authentication-on-django-and-grafana%23new-answer', 'question_page');

);

Post as a guest

Name

Required, but never shown

1 Answer
1

active

oldest

votes

1 Answer
1

active

oldest

votes

thank you for contacting me by email also.

Your report is almost complete, great!

Given the warning

This setting is also important if you have a reverse proxy in front of Grafana that exposes it through a subpath. In that case add the subpath to the end of this URL setting.

at http://docs.grafana.org/installation/configuration/#root-url

If not this, only two other questions come to my mind to identify the issue:

does your request.user.username match the Grafana username?

what is the "src" attribute of your iframe? It must be https://172.30.3.207/grafana/(dashboard path)

beside this basic questions I suggest you to try to remove the GF_AUTH_PROXY_WHITELIST envvar and to try to authenticate via curl like:

curl -H "X-WEBAUTH-USER: anthony" http://172.30.3.141:3000/api/user

as you can find at http://docs.grafana.org/auth/auth-proxy/#interacting-with-grafana-s-authproxy-via-curl

Follows my Django view and my grafana config to reach the working result, but seen no meaningful differences:

class GraphanaProxyView(ProxyView):
upstream = 'http://localhost:8891/dashboard/'

def get_proxy_request_headers(self, request):
 headers = super(GraphanaProxyView, self).get_proxy_request_headers(request)
 headers['X-WEBAUTH-APP-USER'] = request.user.username
 return header

Grafana config:

[auth]
disable_login_form = true

[auth.proxy]
enabled = true
header_name = X-WEBAUTH-APP-USER
;header_property = username
;auto_sign_up = true
;ldap_sync_ttl = 60
whitelist = 127.0.0.1

[auth.basic]
enabled = false


[server]
protocol = http
http_addr = 127.0.0.1
http_port = 8891

domain = solomon.labs.befair.it
;enforce_domain = false
root_url = https://%(domain)s/ui/

edited Mar 7 at 9:07

answered Mar 7 at 8:54

fero

1814

add a comment |

thank you for contacting me by email also.

Your report is almost complete, great!

Given the warning

This setting is also important if you have a reverse proxy in front of Grafana that exposes it through a subpath. In that case add the subpath to the end of this URL setting.

at http://docs.grafana.org/installation/configuration/#root-url

If not this, only two other questions come to my mind to identify the issue:

does your request.user.username match the Grafana username?

what is the "src" attribute of your iframe? It must be https://172.30.3.207/grafana/(dashboard path)

beside this basic questions I suggest you to try to remove the GF_AUTH_PROXY_WHITELIST envvar and to try to authenticate via curl like:

curl -H "X-WEBAUTH-USER: anthony" http://172.30.3.141:3000/api/user

as you can find at http://docs.grafana.org/auth/auth-proxy/#interacting-with-grafana-s-authproxy-via-curl

Follows my Django view and my grafana config to reach the working result, but seen no meaningful differences:

class GraphanaProxyView(ProxyView):
upstream = 'http://localhost:8891/dashboard/'

def get_proxy_request_headers(self, request):
 headers = super(GraphanaProxyView, self).get_proxy_request_headers(request)
 headers['X-WEBAUTH-APP-USER'] = request.user.username
 return header

Grafana config:

[auth]
disable_login_form = true

[auth.proxy]
enabled = true
header_name = X-WEBAUTH-APP-USER
;header_property = username
;auto_sign_up = true
;ldap_sync_ttl = 60
whitelist = 127.0.0.1

[auth.basic]
enabled = false


[server]
protocol = http
http_addr = 127.0.0.1
http_port = 8891

domain = solomon.labs.befair.it
;enforce_domain = false
root_url = https://%(domain)s/ui/

edited Mar 7 at 9:07

answered Mar 7 at 8:54

fero

1814

add a comment |

thank you for contacting me by email also.

Your report is almost complete, great!

Given the warning

This setting is also important if you have a reverse proxy in front of Grafana that exposes it through a subpath. In that case add the subpath to the end of this URL setting.

at http://docs.grafana.org/installation/configuration/#root-url

If not this, only two other questions come to my mind to identify the issue:

does your request.user.username match the Grafana username?

what is the "src" attribute of your iframe? It must be https://172.30.3.207/grafana/(dashboard path)

beside this basic questions I suggest you to try to remove the GF_AUTH_PROXY_WHITELIST envvar and to try to authenticate via curl like:

curl -H "X-WEBAUTH-USER: anthony" http://172.30.3.141:3000/api/user

as you can find at http://docs.grafana.org/auth/auth-proxy/#interacting-with-grafana-s-authproxy-via-curl

Follows my Django view and my grafana config to reach the working result, but seen no meaningful differences:

class GraphanaProxyView(ProxyView):
upstream = 'http://localhost:8891/dashboard/'

def get_proxy_request_headers(self, request):
 headers = super(GraphanaProxyView, self).get_proxy_request_headers(request)
 headers['X-WEBAUTH-APP-USER'] = request.user.username
 return header

Grafana config:

[auth]
disable_login_form = true

[auth.proxy]
enabled = true
header_name = X-WEBAUTH-APP-USER
;header_property = username
;auto_sign_up = true
;ldap_sync_ttl = 60
whitelist = 127.0.0.1

[auth.basic]
enabled = false


[server]
protocol = http
http_addr = 127.0.0.1
http_port = 8891

domain = solomon.labs.befair.it
;enforce_domain = false
root_url = https://%(domain)s/ui/

edited Mar 7 at 9:07

answered Mar 7 at 8:54

fero

1814

thank you for contacting me by email also.

Your report is almost complete, great!

Given the warning

This setting is also important if you have a reverse proxy in front of Grafana that exposes it through a subpath. In that case add the subpath to the end of this URL setting.

at http://docs.grafana.org/installation/configuration/#root-url

If not this, only two other questions come to my mind to identify the issue:

does your request.user.username match the Grafana username?

what is the "src" attribute of your iframe? It must be https://172.30.3.207/grafana/(dashboard path)

beside this basic questions I suggest you to try to remove the GF_AUTH_PROXY_WHITELIST envvar and to try to authenticate via curl like:

curl -H "X-WEBAUTH-USER: anthony" http://172.30.3.141:3000/api/user

as you can find at http://docs.grafana.org/auth/auth-proxy/#interacting-with-grafana-s-authproxy-via-curl

Follows my Django view and my grafana config to reach the working result, but seen no meaningful differences:

class GraphanaProxyView(ProxyView):
upstream = 'http://localhost:8891/dashboard/'

def get_proxy_request_headers(self, request):
 headers = super(GraphanaProxyView, self).get_proxy_request_headers(request)
 headers['X-WEBAUTH-APP-USER'] = request.user.username
 return header

Grafana config:

[auth]
disable_login_form = true

[auth.proxy]
enabled = true
header_name = X-WEBAUTH-APP-USER
;header_property = username
;auto_sign_up = true
;ldap_sync_ttl = 60
whitelist = 127.0.0.1

[auth.basic]
enabled = false


[server]
protocol = http
http_addr = 127.0.0.1
http_port = 8891

domain = solomon.labs.befair.it
;enforce_domain = false
root_url = https://%(domain)s/ui/

edited Mar 7 at 9:07

answered Mar 7 at 8:54

fero

1814

edited Mar 7 at 9:07

answered Mar 7 at 8:54

fero

1814

answered Mar 7 at 8:54

fero

1814

answered Mar 7 at 8:54

fero

1814

add a comment |

Gabriel Santos is a new contributor. Be nice, and check out our Code of Conduct.

draft saved

draft discarded

Gabriel Santos is a new contributor. Be nice, and check out our Code of Conduct.

Thanks for contributing an answer to Stack Overflow!

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Post as a guest

Name

Required, but never shown

Name

Required, but never shown

Name

Required, but never shown

This page is only for reference, If you need detailed information, please check here

搜尋此網誌

Ufdjrw

1 Answer
1

Your Answer

Post as a guest

1 Answer
1

1 Answer
1

Post as a guest

Popular posts from this blog

1 Answer 1

Your Answer

Sign up or log in

Post as a guest

Post as a guest

1 Answer 1

1 Answer 1

Sign up or log in

Post as a guest

Post as a guest

Sign up or log in

Post as a guest

Sign up or log in

Post as a guest

Sign up or log in

Post as a guest

Popular posts from this blog

1 Answer
1

1 Answer
1

1 Answer
1