Single sign-on authentication on Django and Grafana2019 Community Moderator ElectionHow to merge two dictionaries in a single expression?What is a “slug” in Django?Django - Set Up A Scheduled Job?How do I do a not equal in Django queryset filtering?Django: Redirect to previous page after loginDoes Django scale?How to debug in Django, the good way?What is the meaning of a single and a double underscore before an object name?How to check Django versiondifferentiate null=True, blank=True in django
What is the likely impact of grounding an entire aircraft series?
What are the pros and cons of practising figure-eight landings on perpendicular runways?
Is "history" a male-biased word ("his+story")?
Do Bugbears' arms literally get longer when it's their turn?
How do I locate a classical quotation?
Time travel short story where dinosaur doesn't taste like chicken
Do I really need to have a scientific explanation for my premise?
PTIJ: Why can't I eat anything?
Single word request: Harming the benefactor
Algorithm to convert a fixed-length string to the smallest possible collision-free representation?
Latest web browser compatible with Windows 98
What are some noteworthy "mic-drop" moments in math?
Does splitting a potentially monolithic application into several smaller ones help prevent bugs?
Could you please stop shuffling the deck and play already?
Am I not good enough for you?
Offered promotion but I'm leaving. Should I tell?
Good allowance savings plan?
Why is Beresheet doing a only a one-way trip?
Who deserves to be first and second author? PhD student who collected data, research associate who wrote the paper or supervisor?
Why does Captain Marvel assume the planet where she lands would recognize her credentials?
What to do when during a meeting client people start to fight (even physically) with each others?
Word for a person who has no opinion about whether god exists
Rejected in 4th interview round citing insufficient years of experience
Unreachable code, but reachable with exception
Single sign-on authentication on Django and Grafana
2019 Community Moderator ElectionHow to merge two dictionaries in a single expression?What is a “slug” in Django?Django - Set Up A Scheduled Job?How do I do a not equal in Django queryset filtering?Django: Redirect to previous page after loginDoes Django scale?How to debug in Django, the good way?What is the meaning of a single and a double underscore before an object name?How to check Django versiondifferentiate null=True, blank=True in django
I'm using grafana iframes in my HTML page running in k, but every time I open my page to view the embedded graphs I need to access grafana and thus login to authenticate my user, my Django application already has a login page, I would like to use only one login on my page and send a proxy request to grafana, so I do not need to perform two logins every time I open my application.
View
class GraphanaProxyView(ProxyView):
upstream = 'http://172.30.3.141:3000/'
def get_proxy_request_headers(self, request):
headers = super(GraphanaProxyView, self).get_proxy_request_headers(request)
headers['X-WEBAUTH-USER'] = request.user.username
return headers
Urls
url(r'^grafana/(?P<path>.*)$', views.GraphanaProxyView.as_view(), name='graphana-dashboards'),
Config Grafana
grafana:
image: grafana/grafana:latest
container_name: grafana
restart: always
ports:
- "3000:3000"
volumes:
- "./grafana/datastore:/var/lib/grafana"
environment:
- GF_SMTP_ENABLED=true
- GF_SMTP_HOST=smtp.gmail.com:587
- GF_SMTP_USER=user@domain.com.br
- GF_SMTP_PASSWORD=password
- GF_SMTP_FROM_NAME=Grafana Snipped
- GF_SMTP_SKIP_VERIFY=true
- GF_AUTH_ANONYMOUS_ENABLED=true
- GF_AUTH_ANONYMOUS_ORG_NAME=View
- GF_AUTH_ANONYMOUS_ORG_ROLE=View
- GF_USERS_ALLOW_SIGN_UP=false
- GF_AUTH_PROXY_ENABLED=true
- GF_AUTH_PROXY_HEADER_NAME = X-WEBAUTH-USER
- GF_AUTH_PROXY_HEADER_PROPERTY=username
- GF_AUTH_PROXY_AUTO_SIGN_UP=true
- GF_AUTH_PROXY_LDAP_SYNC_TTL=60
- GF_AUTH_PROXY_WHITELIST = 172.30.3.207
- GF_SERVER_DOMAIN = 172.30.3.141
I'm getting this error when accessing URL:
If you're seeing this Grafana has failed to load its application files
This could be caused by your reverse proxy settings.
If you host
grafanaunder subpath make sure yourgrafana.iniroot_path setting includes subpathIf you have a local dev build make sure you build frontend using:
npm run dev,npm run watch, ornpm run buildSometimes restarting
grafana-servercan help
python django
edited Mar 6 at 17:32
Sagar P. Ghagare
5292721
asked Mar 6 at 16:25
Gabriel SantosGabriel Santos
32
New contributor
Gabriel Santos is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
I'm using grafana iframes in my HTML page running in k, but every time I open my page to view the embedded graphs I need to access grafana and thus login to authenticate my user, my Django application already has a login page, I would like to use only one login on my page and send a proxy request to grafana, so I do not need to perform two logins every time I open my application.
View
class GraphanaProxyView(ProxyView):
upstream = 'http://172.30.3.141:3000/'
def get_proxy_request_headers(self, request):
headers = super(GraphanaProxyView, self).get_proxy_request_headers(request)
headers['X-WEBAUTH-USER'] = request.user.username
return headers
Urls
url(r'^grafana/(?P<path>.*)$', views.GraphanaProxyView.as_view(), name='graphana-dashboards'),
Config Grafana
grafana:
image: grafana/grafana:latest
container_name: grafana
restart: always
ports:
- "3000:3000"
volumes:
- "./grafana/datastore:/var/lib/grafana"
environment:
- GF_SMTP_ENABLED=true
- GF_SMTP_HOST=smtp.gmail.com:587
- GF_SMTP_USER=user@domain.com.br
- GF_SMTP_PASSWORD=password
- GF_SMTP_FROM_NAME=Grafana Snipped
- GF_SMTP_SKIP_VERIFY=true
- GF_AUTH_ANONYMOUS_ENABLED=true
- GF_AUTH_ANONYMOUS_ORG_NAME=View
- GF_AUTH_ANONYMOUS_ORG_ROLE=View
- GF_USERS_ALLOW_SIGN_UP=false
- GF_AUTH_PROXY_ENABLED=true
- GF_AUTH_PROXY_HEADER_NAME = X-WEBAUTH-USER
- GF_AUTH_PROXY_HEADER_PROPERTY=username
- GF_AUTH_PROXY_AUTO_SIGN_UP=true
- GF_AUTH_PROXY_LDAP_SYNC_TTL=60
- GF_AUTH_PROXY_WHITELIST = 172.30.3.207
- GF_SERVER_DOMAIN = 172.30.3.141
I'm getting this error when accessing URL:
If you're seeing this Grafana has failed to load its application files
This could be caused by your reverse proxy settings.
If you host
grafanaunder subpath make sure yourgrafana.iniroot_path setting includes subpathIf you have a local dev build make sure you build frontend using:
npm run dev,npm run watch, ornpm run buildSometimes restarting
grafana-servercan help
python django
edited Mar 6 at 17:32
Sagar P. Ghagare
5292721
asked Mar 6 at 16:25
Gabriel SantosGabriel Santos
32
New contributor
Gabriel Santos is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
I'm using grafana iframes in my HTML page running in k, but every time I open my page to view the embedded graphs I need to access grafana and thus login to authenticate my user, my Django application already has a login page, I would like to use only one login on my page and send a proxy request to grafana, so I do not need to perform two logins every time I open my application.
View
class GraphanaProxyView(ProxyView):
upstream = 'http://172.30.3.141:3000/'
def get_proxy_request_headers(self, request):
headers = super(GraphanaProxyView, self).get_proxy_request_headers(request)
headers['X-WEBAUTH-USER'] = request.user.username
return headers
Urls
url(r'^grafana/(?P<path>.*)$', views.GraphanaProxyView.as_view(), name='graphana-dashboards'),
Config Grafana
grafana:
image: grafana/grafana:latest
container_name: grafana
restart: always
ports:
- "3000:3000"
volumes:
- "./grafana/datastore:/var/lib/grafana"
environment:
- GF_SMTP_ENABLED=true
- GF_SMTP_HOST=smtp.gmail.com:587
- GF_SMTP_USER=user@domain.com.br
- GF_SMTP_PASSWORD=password
- GF_SMTP_FROM_NAME=Grafana Snipped
- GF_SMTP_SKIP_VERIFY=true
- GF_AUTH_ANONYMOUS_ENABLED=true
- GF_AUTH_ANONYMOUS_ORG_NAME=View
- GF_AUTH_ANONYMOUS_ORG_ROLE=View
- GF_USERS_ALLOW_SIGN_UP=false
- GF_AUTH_PROXY_ENABLED=true
- GF_AUTH_PROXY_HEADER_NAME = X-WEBAUTH-USER
- GF_AUTH_PROXY_HEADER_PROPERTY=username
- GF_AUTH_PROXY_AUTO_SIGN_UP=true
- GF_AUTH_PROXY_LDAP_SYNC_TTL=60
- GF_AUTH_PROXY_WHITELIST = 172.30.3.207
- GF_SERVER_DOMAIN = 172.30.3.141
I'm getting this error when accessing URL:
If you're seeing this Grafana has failed to load its application files
This could be caused by your reverse proxy settings.
If you host
grafanaunder subpath make sure yourgrafana.iniroot_path setting includes subpathIf you have a local dev build make sure you build frontend using:
npm run dev,npm run watch, ornpm run buildSometimes restarting
grafana-servercan help
python django
edited Mar 6 at 17:32
Sagar P. Ghagare
5292721
asked Mar 6 at 16:25
Gabriel SantosGabriel Santos
32
New contributor
Gabriel Santos is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
I'm using grafana iframes in my HTML page running in k, but every time I open my page to view the embedded graphs I need to access grafana and thus login to authenticate my user, my Django application already has a login page, I would like to use only one login on my page and send a proxy request to grafana, so I do not need to perform two logins every time I open my application.
View
class GraphanaProxyView(ProxyView):
upstream = 'http://172.30.3.141:3000/'
def get_proxy_request_headers(self, request):
headers = super(GraphanaProxyView, self).get_proxy_request_headers(request)
headers['X-WEBAUTH-USER'] = request.user.username
return headers
Urls
url(r'^grafana/(?P<path>.*)$', views.GraphanaProxyView.as_view(), name='graphana-dashboards'),
Config Grafana
grafana:
image: grafana/grafana:latest
container_name: grafana
restart: always
ports:
- "3000:3000"
volumes:
- "./grafana/datastore:/var/lib/grafana"
environment:
- GF_SMTP_ENABLED=true
- GF_SMTP_HOST=smtp.gmail.com:587
- GF_SMTP_USER=user@domain.com.br
- GF_SMTP_PASSWORD=password
- GF_SMTP_FROM_NAME=Grafana Snipped
- GF_SMTP_SKIP_VERIFY=true
- GF_AUTH_ANONYMOUS_ENABLED=true
- GF_AUTH_ANONYMOUS_ORG_NAME=View
- GF_AUTH_ANONYMOUS_ORG_ROLE=View
- GF_USERS_ALLOW_SIGN_UP=false
- GF_AUTH_PROXY_ENABLED=true
- GF_AUTH_PROXY_HEADER_NAME = X-WEBAUTH-USER
- GF_AUTH_PROXY_HEADER_PROPERTY=username
- GF_AUTH_PROXY_AUTO_SIGN_UP=true
- GF_AUTH_PROXY_LDAP_SYNC_TTL=60
- GF_AUTH_PROXY_WHITELIST = 172.30.3.207
- GF_SERVER_DOMAIN = 172.30.3.141
I'm getting this error when accessing URL:
If you're seeing this Grafana has failed to load its application files
This could be caused by your reverse proxy settings.
If you host
grafanaunder subpath make sure yourgrafana.iniroot_path setting includes subpathIf you have a local dev build make sure you build frontend using:
npm run dev,npm run watch, ornpm run buildSometimes restarting
grafana-servercan help
python django
python django
edited Mar 6 at 17:32
Sagar P. Ghagare
5292721
asked Mar 6 at 16:25
Gabriel SantosGabriel Santos
32
New contributor
Gabriel Santos is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited Mar 6 at 17:32
Sagar P. Ghagare
5292721
asked Mar 6 at 16:25
Gabriel SantosGabriel Santos
32
New contributor
Gabriel Santos is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited Mar 6 at 17:32
Sagar P. Ghagare
5292721
edited Mar 6 at 17:32
Sagar P. Ghagare
5292721
edited Mar 6 at 17:32
Sagar P. Ghagare
5292721
5292721
asked Mar 6 at 16:25
Gabriel SantosGabriel Santos
32
New contributor
Gabriel Santos is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked Mar 6 at 16:25
Gabriel SantosGabriel Santos
32
asked Mar 6 at 16:25
Gabriel SantosGabriel Santos
32
32
New contributor
Gabriel Santos is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Gabriel Santos is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Gabriel Santos is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
thank you for contacting me by email also.
For the sake of completeness I re-post here the answered I have given to the original post in Stackoverflow Portugal: https://pt.stackoverflow.com/questions/362727/autentica%C3%A7%C3%A3o-single-sign-on-django-e-grafana
Your report is almost complete, great!
Given the warning
This setting is also important if you have a reverse proxy in front of Grafana that exposes it through a subpath. In that case add the subpath to the end of this URL setting.
at http://docs.grafana.org/installation/configuration/#root-url
a fault can be the setting of the GF_SERVER_DOMAIN envvar that should be replaced by the GF_SERVER_ROOT_URL=http://172.30.3.141:3000/ that holds the port (and this would mean a bug of Grafana documentation...)
If not this, only two other questions come to my mind to identify the issue:
- does your request.user.username match the Grafana username?
- what is the "src" attribute of your iframe? It must be
https://172.30.3.207/grafana/(dashboard path)
beside this basic questions I suggest you to try to remove the GF_AUTH_PROXY_WHITELIST envvar and to try to authenticate via curl like:
curl -H "X-WEBAUTH-USER: anthony" http://172.30.3.141:3000/api/user
as you can find at http://docs.grafana.org/auth/auth-proxy/#interacting-with-grafana-s-authproxy-via-curl
Follows my Django view and my grafana config to reach the working result, but seen no meaningful differences:
class GraphanaProxyView(ProxyView):
upstream = 'http://localhost:8891/dashboard/'
def get_proxy_request_headers(self, request):
headers = super(GraphanaProxyView, self).get_proxy_request_headers(request)
headers['X-WEBAUTH-APP-USER'] = request.user.username
return header
Grafana config:
[auth]
disable_login_form = true
[auth.proxy]
enabled = true
header_name = X-WEBAUTH-APP-USER
;header_property = username
;auto_sign_up = true
;ldap_sync_ttl = 60
whitelist = 127.0.0.1
[auth.basic]
enabled = false
[server]
protocol = http
http_addr = 127.0.0.1
http_port = 8891
domain = solomon.labs.befair.it
;enforce_domain = false
root_url = https://%(domain)s/ui/
answered Mar 7 at 8:54
ferofero
1814
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Gabriel Santos is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55027833%2fsingle-sign-on-authentication-on-django-and-grafana%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
thank you for contacting me by email also.
For the sake of completeness I re-post here the answered I have given to the original post in Stackoverflow Portugal: https://pt.stackoverflow.com/questions/362727/autentica%C3%A7%C3%A3o-single-sign-on-django-e-grafana
Your report is almost complete, great!
Given the warning
This setting is also important if you have a reverse proxy in front of Grafana that exposes it through a subpath. In that case add the subpath to the end of this URL setting.
at http://docs.grafana.org/installation/configuration/#root-url
a fault can be the setting of the GF_SERVER_DOMAIN envvar that should be replaced by the GF_SERVER_ROOT_URL=http://172.30.3.141:3000/ that holds the port (and this would mean a bug of Grafana documentation...)
If not this, only two other questions come to my mind to identify the issue:
- does your request.user.username match the Grafana username?
- what is the "src" attribute of your iframe? It must be
https://172.30.3.207/grafana/(dashboard path)
beside this basic questions I suggest you to try to remove the GF_AUTH_PROXY_WHITELIST envvar and to try to authenticate via curl like:
curl -H "X-WEBAUTH-USER: anthony" http://172.30.3.141:3000/api/user
as you can find at http://docs.grafana.org/auth/auth-proxy/#interacting-with-grafana-s-authproxy-via-curl
Follows my Django view and my grafana config to reach the working result, but seen no meaningful differences:
class GraphanaProxyView(ProxyView):
upstream = 'http://localhost:8891/dashboard/'
def get_proxy_request_headers(self, request):
headers = super(GraphanaProxyView, self).get_proxy_request_headers(request)
headers['X-WEBAUTH-APP-USER'] = request.user.username
return header
Grafana config:
[auth]
disable_login_form = true
[auth.proxy]
enabled = true
header_name = X-WEBAUTH-APP-USER
;header_property = username
;auto_sign_up = true
;ldap_sync_ttl = 60
whitelist = 127.0.0.1
[auth.basic]
enabled = false
[server]
protocol = http
http_addr = 127.0.0.1
http_port = 8891
domain = solomon.labs.befair.it
;enforce_domain = false
root_url = https://%(domain)s/ui/
answered Mar 7 at 8:54
ferofero
1814
add a comment |
thank you for contacting me by email also.
For the sake of completeness I re-post here the answered I have given to the original post in Stackoverflow Portugal: https://pt.stackoverflow.com/questions/362727/autentica%C3%A7%C3%A3o-single-sign-on-django-e-grafana
Your report is almost complete, great!
Given the warning
This setting is also important if you have a reverse proxy in front of Grafana that exposes it through a subpath. In that case add the subpath to the end of this URL setting.
at http://docs.grafana.org/installation/configuration/#root-url
a fault can be the setting of the GF_SERVER_DOMAIN envvar that should be replaced by the GF_SERVER_ROOT_URL=http://172.30.3.141:3000/ that holds the port (and this would mean a bug of Grafana documentation...)
If not this, only two other questions come to my mind to identify the issue:
- does your request.user.username match the Grafana username?
- what is the "src" attribute of your iframe? It must be
https://172.30.3.207/grafana/(dashboard path)
beside this basic questions I suggest you to try to remove the GF_AUTH_PROXY_WHITELIST envvar and to try to authenticate via curl like:
curl -H "X-WEBAUTH-USER: anthony" http://172.30.3.141:3000/api/user
as you can find at http://docs.grafana.org/auth/auth-proxy/#interacting-with-grafana-s-authproxy-via-curl
Follows my Django view and my grafana config to reach the working result, but seen no meaningful differences:
class GraphanaProxyView(ProxyView):
upstream = 'http://localhost:8891/dashboard/'
def get_proxy_request_headers(self, request):
headers = super(GraphanaProxyView, self).get_proxy_request_headers(request)
headers['X-WEBAUTH-APP-USER'] = request.user.username
return header
Grafana config:
[auth]
disable_login_form = true
[auth.proxy]
enabled = true
header_name = X-WEBAUTH-APP-USER
;header_property = username
;auto_sign_up = true
;ldap_sync_ttl = 60
whitelist = 127.0.0.1
[auth.basic]
enabled = false
[server]
protocol = http
http_addr = 127.0.0.1
http_port = 8891
domain = solomon.labs.befair.it
;enforce_domain = false
root_url = https://%(domain)s/ui/
answered Mar 7 at 8:54
ferofero
1814
add a comment |
thank you for contacting me by email also.
For the sake of completeness I re-post here the answered I have given to the original post in Stackoverflow Portugal: https://pt.stackoverflow.com/questions/362727/autentica%C3%A7%C3%A3o-single-sign-on-django-e-grafana
Your report is almost complete, great!
Given the warning
This setting is also important if you have a reverse proxy in front of Grafana that exposes it through a subpath. In that case add the subpath to the end of this URL setting.
at http://docs.grafana.org/installation/configuration/#root-url
a fault can be the setting of the GF_SERVER_DOMAIN envvar that should be replaced by the GF_SERVER_ROOT_URL=http://172.30.3.141:3000/ that holds the port (and this would mean a bug of Grafana documentation...)
If not this, only two other questions come to my mind to identify the issue:
- does your request.user.username match the Grafana username?
- what is the "src" attribute of your iframe? It must be
https://172.30.3.207/grafana/(dashboard path)
beside this basic questions I suggest you to try to remove the GF_AUTH_PROXY_WHITELIST envvar and to try to authenticate via curl like:
curl -H "X-WEBAUTH-USER: anthony" http://172.30.3.141:3000/api/user
as you can find at http://docs.grafana.org/auth/auth-proxy/#interacting-with-grafana-s-authproxy-via-curl
Follows my Django view and my grafana config to reach the working result, but seen no meaningful differences:
class GraphanaProxyView(ProxyView):
upstream = 'http://localhost:8891/dashboard/'
def get_proxy_request_headers(self, request):
headers = super(GraphanaProxyView, self).get_proxy_request_headers(request)
headers['X-WEBAUTH-APP-USER'] = request.user.username
return header
Grafana config:
[auth]
disable_login_form = true
[auth.proxy]
enabled = true
header_name = X-WEBAUTH-APP-USER
;header_property = username
;auto_sign_up = true
;ldap_sync_ttl = 60
whitelist = 127.0.0.1
[auth.basic]
enabled = false
[server]
protocol = http
http_addr = 127.0.0.1
http_port = 8891
domain = solomon.labs.befair.it
;enforce_domain = false
root_url = https://%(domain)s/ui/
answered Mar 7 at 8:54
ferofero
1814
thank you for contacting me by email also.
For the sake of completeness I re-post here the answered I have given to the original post in Stackoverflow Portugal: https://pt.stackoverflow.com/questions/362727/autentica%C3%A7%C3%A3o-single-sign-on-django-e-grafana
Your report is almost complete, great!
Given the warning
This setting is also important if you have a reverse proxy in front of Grafana that exposes it through a subpath. In that case add the subpath to the end of this URL setting.
at http://docs.grafana.org/installation/configuration/#root-url
a fault can be the setting of the GF_SERVER_DOMAIN envvar that should be replaced by the GF_SERVER_ROOT_URL=http://172.30.3.141:3000/ that holds the port (and this would mean a bug of Grafana documentation...)
If not this, only two other questions come to my mind to identify the issue:
- does your request.user.username match the Grafana username?
- what is the "src" attribute of your iframe? It must be
https://172.30.3.207/grafana/(dashboard path)
beside this basic questions I suggest you to try to remove the GF_AUTH_PROXY_WHITELIST envvar and to try to authenticate via curl like:
curl -H "X-WEBAUTH-USER: anthony" http://172.30.3.141:3000/api/user
as you can find at http://docs.grafana.org/auth/auth-proxy/#interacting-with-grafana-s-authproxy-via-curl
Follows my Django view and my grafana config to reach the working result, but seen no meaningful differences:
class GraphanaProxyView(ProxyView):
upstream = 'http://localhost:8891/dashboard/'
def get_proxy_request_headers(self, request):
headers = super(GraphanaProxyView, self).get_proxy_request_headers(request)
headers['X-WEBAUTH-APP-USER'] = request.user.username
return header
Grafana config:
[auth]
disable_login_form = true
[auth.proxy]
enabled = true
header_name = X-WEBAUTH-APP-USER
;header_property = username
;auto_sign_up = true
;ldap_sync_ttl = 60
whitelist = 127.0.0.1
[auth.basic]
enabled = false
[server]
protocol = http
http_addr = 127.0.0.1
http_port = 8891
domain = solomon.labs.befair.it
;enforce_domain = false
root_url = https://%(domain)s/ui/
answered Mar 7 at 8:54
ferofero
1814
edited Mar 7 at 9:07
answered Mar 7 at 8:54
ferofero
1814
answered Mar 7 at 8:54
ferofero
1814
answered Mar 7 at 8:54
ferofero
1814
1814
add a comment |
add a comment |
Gabriel Santos is a new contributor. Be nice, and check out our Code of Conduct.
Gabriel Santos is a new contributor. Be nice, and check out our Code of Conduct.
Gabriel Santos is a new contributor. Be nice, and check out our Code of Conduct.
Gabriel Santos is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55027833%2fsingle-sign-on-authentication-on-django-and-grafana%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
