apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
35124 Commits
2179 Branches
608 Tags
1.9 GiB
 
 
 
 
 
 
Tag: Branch: Tree: 0f4c3f7805
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0f4c3f7805'
${ noResults }
grafana/docs/sources/enterprise/saml/enable-saml.md

2.2 KiB
Raw Blame History Escape

aliases description keywords menuTitle title weight
[/docs/grafana/latest/auth/saml/ /docs/grafana/latest/enterprise/saml/enable-saml/] This contains information to enable SAML authentication in Grafana [grafana saml documentation saml-auth enterprise] Enable SAML authentication Enable SAML authentication in Grafana 30

Enable SAML authentication in Grafana

To use the SAML integration, in the auth.saml section of in the Grafana custom configuration file, set enabled to true.

Refer to [Configuration]({{< relref "../../administration/configuration.md" >}}) for more information about configuring Grafana.

Certificate and private key

The SAML SSO standard uses asymmetric encryption to exchange information between the SP (Grafana) and the IdP. To perform such encryption, you need a public part and a private part. In this case, the X.509 certificate provides the public part, while the private key provides the private part. The private key needs to be issued in a PKCS#8 format.

Grafana supports two ways of specifying both the certificate and private_key.

  • Without a suffix (certificate or private_key), the configuration assumes you've supplied the base64-encoded file contents.
  • With the _path suffix (certificate_path or private_key_path), then Grafana treats the value entered as a file path and attempts to read the file from the file system.

Note: You can only use one form of each configuration option. Using multiple forms, such as both certificate and certificate_path, results in an error.

Example of how to generate SAML credentials:

An example of how to generate a self-signed certificate and private key that's valid for one year:

$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes

Base64-encode the cert.pem and key.pem files: (-w0 switch is not needed on Mac, only for Linux)

$ base64 -w0 key.pem > key.pem.base64
$ base64 -w0 cert.pem > cert.pem.base64

The base64-encoded values (key.pem.base64, cert.pem.base64 files) are then used for certificate and private_key.

The keys you provide should look like:

-----BEGIN PRIVATE KEY-----
...
...
-----END PRIVATE KEY-----