26 lines
1.2 KiB
INI
26 lines
1.2 KiB
INI
[server]
|
|
root_url = https://grafana.hamburg.ccc.de
|
|
|
|
[auth]
|
|
disable_login_form = true
|
|
|
|
# https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/keycloak/
|
|
[auth.generic_oauth]
|
|
enabled = true
|
|
auto_login = true
|
|
name = id.hamburg.ccc.de
|
|
allow_sign_up = true
|
|
client_id = grafana
|
|
client_secret = {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/KEYCLOAK_SECRET", create=false, missing="error") }}
|
|
scopes = openid email profile offline_access roles
|
|
email_attribute_path = email
|
|
login_attribute_path = username
|
|
name_attribute_path = full_name
|
|
auth_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth
|
|
token_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token
|
|
api_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/userinfo
|
|
signout_redirect_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/logout
|
|
role_attribute_path = "contains(roles[*], 'grafanaadmin') && 'GrafanaAdmin' || contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'"
|
|
allow_assign_grafana_admin = true
|
|
use_refresh_token = true
|