login.OAuthLogin(missing saved state) - Community version of grafana with OKTA integration - grafana

I'm trying to configure Community edition Grafana (official Docker image) with Okta integration.
After doing the Okta configuration, Okta authenticates and redirects the request to Grafana, where I hosted it,
but it shows the following error:
login.OAuthLogin(missing saved state)
I'm not using any database for storing sessions. I want to save it on local file only.
Please suggest.

I had the same problem, which had to do with the 'email' attribute not being available to Grafana.
Make sure that 'api_url' contains 'email'.
In Grafana OAuth config, set the following:
email_attribute_path
email_attribute_name
Example:
[auth.generic_oauth]
email_attribute_path=email
email_attribute_name=email
Example Grafana Configuration containing these properties can be found here: https://github.com/grafana/grafana/blob/v6.4.0/conf/sample.ini

Thanks for the response. I found detailed help at: https://www.gyanblog.com/gyan/how-configure-grafana-dashboard-oauth-okta-ssl-docker-nginx/

Related

Rancher Keycloak authentication setup

I'm trying to set up Rancher to use Keycloak as an authentication provider and following the setups laid out here. The last step says to export the metadata in the SAML Metadata IDPSSODescriptor format, but I only see SAML Metadata SPSSODescriptor as an option. I've tried using that, but authentication isn't working: it opens another window with the same Keycloak setup page when clicking the Authenticate with Keycloak button to validate the setup. There are no errors in the Docker logs for either the Rancher or Keycloak containers when running the docker logs CONTAINER command.
I'm wondering if I need to do something specific to set up Keycloak as an IDP to get the correct metadata option, but I can't find anything in their documentation.
For Keycloak 6.0 and up, along with the location of the IDPSSODescriptor, even its format has changed. This doc explains how that can be edited to be used by Rancher.
From the Installation tab, choose the SAML Metadata IDPSSODescriptor format option and download your file.
Or you can directly visit Keycloak URL with IDPSSODescriptor metadata:
https://<keycloak-domain>/auth/realms/<realm>/protocol/saml/descriptor
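A quick check for the mix-up described in this question, as an added example that is not part of the original posts: it parses a downloaded SAML metadata file and reports whether it carries an IDPSSODescriptor (what the IdP setup needs) or only an SPSSODescriptor. It also reports the root element, since the answer notes the format changed in Keycloak 6.0. The function name, host names and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"  # SAML 2.0 metadata namespace

# Constructed sample: service-provider metadata (the wrong export for an IdP setup).
SP_SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/saml/metadata">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml/acs"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

# Constructed sample: identity-provider metadata wrapped in an EntitiesDescriptor root.
IDP_SAMPLE = """<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <EntityDescriptor entityID="https://keycloak.example.test/auth/realms/demo">
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <SingleSignOnService
          Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="https://keycloak.example.test/auth/realms/demo/protocol/saml"/>
    </IDPSSODescriptor>
  </EntityDescriptor>
</EntitiesDescriptor>"""


def describe_metadata(xml_text):
    """Summarise which SAML roles a metadata document declares."""
    root = ET.fromstring(xml_text)
    if not root.tag.startswith(MD):
        raise ValueError("root element is not in the SAML 2.0 metadata namespace")
    idp = list(root.iter(MD + "IDPSSODescriptor"))
    sp = list(root.iter(MD + "SPSSODescriptor"))
    roles = [name for name, found in
             (("IDPSSODescriptor", idp), ("SPSSODescriptor", sp)) if found]
    # An IdP descriptor without a SingleSignOnService endpoint cannot serve logins.
    sso = [s.get("Location") for d in idp
           for s in d.findall(MD + "SingleSignOnService")]
    return {"root": root.tag[len(MD):], "roles": roles,
            "sso_locations": sso, "idp_usable": bool(idp and sso)}


if __name__ == "__main__":
    for label, doc in (("SP export", SP_SAMPLE), ("IdP export", IDP_SAMPLE)):
        print(label, describe_metadata(doc))
```

Run it against the file saved from the descriptor URL above before uploading it; `idp_usable` being false means the file is the SP export or lacks a sign-on endpoint.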

How can I add security to my Gravitee.io API with Keycloak?

I am trying to add security to my API defined in Gravitee.io with a Keycloak API key.
I've tried to add a resource in my API conf, but I did not find the resource "Keycloak provider" to paste my Keycloak JSON file into, like in the last screenshot of this readme:
https://github.com/gravitee-io/breizhcamp-2018-tia
I use Gravitee.io 1.24 (last Docker image) and Keycloak 5.0.0.
Please help me ;-)
You need to download the Keycloak resource plugin and drag & drop the zip file into both 'plugin' directories of your instances (gateway and management) :) You can find it at this link: https://download.gravitee.io/graviteeio-apim/plugins/resources/gravitee-resource-oauth2-provider-keycloak/
Have a good day :)

How do I log in to kubernetes-cockpit UI if .kube/config contains a token instead of an account?

Numerous forum posts and documentations specify extracting login info for the Kubernetes install from ~/.kube/config.
The problem I found: mine doesn't have a proper user account, it specifies a name and a token.
How do I get the account name so I can use the kubernetes-cockpit UI? Surprisingly there appears to be nothing on that topic - what to do if the config doesn't contain an account.
It depends on how you use Cockpit.
According to cockpit official page:
Used in a standard cockpit session:
If a user is able to use kubectl successfully when at their shell terminal, then that same user will be able to use Kubernetes dashboard when logged into Cockpit
I suppose this is your scenario, so if you didn't change the default settings, Cockpit will look for .kube/config itself, i.e. you should be able to log in without specifying your account.

Using my Rest Service with WSO2 API Manager

I have a REST service named getRates, which accepts a few inputs and gives out the loan rates. I wanted to use the API that I have with WSO2 API Manager. I am not able to do it. I am not sure where and how to define the sample request/response code to check if my service is being hit or not. I have a URL to my service, but I want it to be used via WSO2 API Manager. Help me out with this.
The question is too generic to give an exact answer. Please follow this guide to create a new API from scratch and add your backend service URL as 'Production Endpoint'. If you have already set this up and want to get an idea of whether the message flow is working correctly, enable wire logs as follows:
Open the log4j.properties file in a text editor.
log4j.properties file is located in /repository/conf directory.
Un-comment the following entry.
log4j.logger.org.apache.synapse.transport.http.wire=DEBUG
Get an idea about the wire logs from here. Explain the steps you tried already and mention if you get any errors.

How can I enable login button of identity provider (external) on SP login page

I am using WSO2 Identity Server product version 5.0.0. I use SP1. In our latest architecture we use a specific login page for each service provider. Each service provider can be configured under different tenant domains, eventually with differences (for example, for one tenant the internal and the Facebook login are configured, but for another tenant just the internal login).
I want to know if it is possible to show on the login page the external identity provider login button according to the service provider configuration under the specific tenant domain. Please help me to solve this; I am stuck on this advanced configuration. I could not find any documents for this.
Yes, according to my knowledge your requirement is possible with WSO2-IS.
Please refer to document [1] for customizing the login page for SAML SSO service providers.
You can get more custom configuration details from this blog as well [2].
Also, if you need to re-theme the WSO2 management console, that is also possible with WSO2-IS. Please find the reference document [3].
[1] https://docs.wso2.com/display/IS500/Customizing+Login+Pages
[2] http://dulanja.blogspot.com/2014/01/wso2-is-samlsso-customizing-login-page.html
[3] http://wso2.com/library/tutorials/2011/12/retheming-carbon-products/