Generic OAuth and user role mapping

Hi,

We are using Grafana 5.2.4 (Community Edition, not Enterprise) with OAuth by Keycloak. We have one question:

Do you know if there is a way for Grafana to adopt the user role that is defined in Keycloak after a successful login with this user?

I mean that the role defined in Keycloak can be passed into Grafana. For example:

  1. In Keycloak, I create a user and assign the role Viewer to this user; then, after logging in to Grafana as this user, the role of this user in Grafana is Viewer.
  2. In Keycloak, I create a user and assign the role Admin to this user; then, after logging in to Grafana as this user, the role of this user in Grafana is Admin.
  3. In Keycloak, I create a user and assign the role Editor to this user; then, after logging in to Grafana as this user, the role of this user in Grafana is Editor.

I have looked into https://github.com/grafana/grafana/issues/9766. This request mentions role passing, and I saw that the status of the issue is open.

Does that mean Grafana currently doesn't support our need?

Thanks in advance.


I am also looking into this issue and cannot find any doc about it. Did you solve your problem? @lijingaz

No luck. This issue has persisted for several months and no one has replied. We'd better look at what the guys in https://github.com/grafana/grafana/issues/9766 are discussing - I guess in a coming release there could be an answer.

Hi, is there any solution for the above problem?

It sounds like you are talking about Team sync, which is a Grafana Enterprise feature.

Also, why are you using such an old version of Grafana? I strongly recommend moving to a more current version. I believe there have been security upgrades since 5.2.4, and certainly lots of new panel functionality.

You can set the role through a JMESPath in role_attribute_path based on the OAuth attributes. Take a look at JMESPath examples in the Generic OAuth docs for more information.

It’s better to open a new question than to revive a several-year-old question; the difference between 5.2.4 and 7.1.4 is night and day.

Thank you for the reply. I am using the latest version, 7.1.4. My question is: how do I get the OAuth attributes? Is there any process to find those?

Thank you for that. I am using Grafana 7.1.4 and I have integrated Keycloak with Grafana, and now I am assigning the roles to the users, and it should be from the back end, not the frontend.

Not really, that is provider specific. For Keycloak the first place to look is in Client > Mapper in the Keycloak admin console, but I’ve only ever used Keycloak for SAML, so I’m not sure about the specifics for configuring it with OAuth.

Ya, OK, fine, thank you.
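
On the question above of how to find the OAuth attributes: an added example, not part of the thread and not Grafana or Keycloak code, that decodes a token's payload and lists every claim path holding a list of strings, so you can see which path a `role_attribute_path` expression would need to reference. The sample token, the `realm_access` / `resource_access.grafana` claim layout and the role names in it are constructed assumptions; the helper names are hypothetical.

```python
import base64
import json

GRAFANA_ROLES = ("Admin", "Editor", "Viewer")  # highest privilege first


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def role_paths(node, prefix=""):
    """Yield (dotted_path, values) for every non-empty list of strings in the claims."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from role_paths(value, f"{prefix}.{key}" if prefix else key)
    elif isinstance(node, list) and node and all(isinstance(v, str) for v in node):
        yield prefix, node


def resolve_role(roles, default=None):
    """Pick the highest Grafana role present; the match is exact and case-sensitive."""
    for role in GRAFANA_ROLES:
        if role in roles:
            return role
    return default


# Constructed sample: claim names and values are assumptions, not real token data.
SAMPLE_CLAIMS = {
    "preferred_username": "alice",
    "realm_access": {"roles": ["offline_access", "Editor"]},
    "resource_access": {"grafana": {"roles": ["Viewer"]}},
}
SAMPLE_TOKEN = ".".join([
    b64url(b'{"alg":"none"}'),
    b64url(json.dumps(SAMPLE_CLAIMS).encode()),
    "constructed-signature",
])

if __name__ == "__main__":
    for path, roles in role_paths(decode_claims(SAMPLE_TOKEN)):
        print(f"{path}: {roles} -> {resolve_role(roles)}")
```

If no path in the decoded token carries the role names, the roles are not being emitted in that token and the mapper configuration on the provider side is the place to look, as the reply above suggests.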