Auth Proxy Authentication: setting user role

bwint · August 27, 2021, 9:51am

Hi everyone!

I’m trying to use the Auth Proxy feature to pass a specific role to the user I’m authenticating.

If I understand this PR and the documentation correctly this should be possible in v 8.1.2.

I use a reverse proxy to authenticate the user which then passes two headers to Grafana:
X-WEBAUTH-USER and X-WEBAUTH-ROLE

My config section regarding auth.proxy looks like this:

[auth.proxy]
enabled = true
auto_sign_up = true
header_name = X-WEBAUTH-USER
header_property = username
headers = Role:X-WEBAUTH-ROLE
ldap_sync_ttl = 60
sync_ttl = 60
whitelist =
enable_login_token = false

The X-WEBAUTH-USER header contains the username and works like a charm.
I tried sending the strings “admin” and “Admin” in the X-WEBAUTH-ROLE header to set the authenticated user to the admin role to be able to access dashboards with restricted permissions but had no success.

Is there any documentation on what to send in the X-WEBAUTH-ROLE header or did anyone else already figure it out?

Thanks in advance!

rubenvandeput · December 17, 2021, 3:20pm

Hi, I’m wondering if you found a solution, because I’m facing the same problem.
Edit: never mind, it works in Grafana 8.3.3.

bwint · December 18, 2021, 1:15pm

That sounds like good, news! Thank you for sharing.
Until now I wasn’t able to solve it. I will update next week and see if will work for me too.

Topic		Replies	Views
Auth Proxy: Support setting Organization roles - Continued Authentication	0	418	May 17, 2021
Auth proxy not working Authentication	6	3793	July 31, 2020
How to use auth.proxy efficiently Configuration backend-platform , config-help , auth	1	512	August 10, 2022
Need direction after apache Auth Proxy setup to perform SSO? Grafana	1	355	June 13, 2019
Setting SSO for Grafana Authentication	11	29343	January 24, 2022

Auth Proxy Authentication: setting user role

Related topics