apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
35124 Commits
2179 Branches
608 Tags
1.9 GiB
Tag: Branch: Tree: 0f4c3f7805
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0f4c3f7805'
${ noResults }
grafana/docs/sources/enterprise/saml/enable-saml.md

62 lines
2.2 KiB
Raw Normal View History Unescape

SAML: fix pkcs8 doc and refactoring SAML docs (#47337) * refactoring: saml docs * refactoring: relreferences * adding error as presented in issue * refactor: update sentence * refactor: more relref fixes that was missing * refactor: more relref fixes that was missing * Apply suggestions from code review Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * refactor: move saml with okta * fix: spell and small corrections * add: enterprise tag Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
3 years ago
---
Add current alias to all files (#48635) * Add aliases to all files Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * Prettify front matter Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
3 years ago
aliases:
- /docs/grafana/latest/auth/saml/
- /docs/grafana/latest/enterprise/saml/enable-saml/
description: This contains information to enable SAML authentication in Grafana
keywords:
- grafana
- saml
- documentation
- saml-auth
- enterprise
menuTitle: Enable SAML authentication
title: Enable SAML authentication in Grafana
SAML: fix pkcs8 doc and refactoring SAML docs (#47337) * refactoring: saml docs * refactoring: relreferences * adding error as presented in issue * refactor: update sentence * refactor: more relref fixes that was missing * refactor: more relref fixes that was missing * Apply suggestions from code review Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * refactor: move saml with okta * fix: spell and small corrections * add: enterprise tag Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
3 years ago
weight: 30
---
# Enable SAML authentication in Grafana
To use the SAML integration, in the `auth.saml` section of in the Grafana custom configuration file, set `enabled` to `true`.
Refer to [Configuration]({{< relref "../../administration/configuration.md" >}}) for more information about configuring Grafana.
## Certificate and private key
The SAML SSO standard uses asymmetric encryption to exchange information between the SP (Grafana) and the IdP. To perform such encryption, you need a public part and a private part. In this case, the X.509 certificate provides the public part, while the private key provides the private part. The private key needs to be issued in a [PKCS#8](https://en.wikipedia.org/wiki/PKCS_8) format.
Grafana supports two ways of specifying both the `certificate` and `private_key`.
- Without a suffix (`certificate` or `private_key`), the configuration assumes you've supplied the base64-encoded file contents.
- With the `_path` suffix (`certificate_path` or `private_key_path`), then Grafana treats the value entered as a file path and attempts to read the file from the file system.
> **Note:** You can only use one form of each configuration option. Using multiple forms, such as both `certificate` and `certificate_path`, results in an error.
---
### **Example** of how to generate SAML credentials:
An example of how to generate a self-signed certificate and private key that's valid for one year:
```sh
$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
```
Base64-encode the cert.pem and key.pem files:
(-w0 switch is not needed on Mac, only for Linux)
```sh
$ base64 -w0 key.pem > key.pem.base64
$ base64 -w0 cert.pem > cert.pem.base64
```
The base64-encoded values (`key.pem.base64, cert.pem.base64` files) are then used for certificate and private_key.
The keys you provide should look like:
```
-----BEGIN PRIVATE KEY-----
...
...
-----END PRIVATE KEY-----
```