Grafana 7.0.5 LDAP Logon failes with MS Edge

After upgrate from 6.62 to 7.0.3 and 7.0.5 wiht MS Edge the logon will refer permanetly to the Login page.

With Crome all is fine.

Log Entries for Edge:

  • t=2020-07-02T08:59:28+0200 lvl=dbug msg=“LDAP SearchRequest” logger=ldap searchRequest="&{xx Scope:2 DerefAliases:0 SizeLimit:0 TimeLimit:0 TypesOnly:false Filter:(|(sAMAccountName=pott)) Attributes:[sAMAccountName sn mail givenName memberOf] Controls:[]}\n"
  • t=2020-07-02T08:59:28+0200 lvl=dbug msg=“LDAP users found” logger=ldap users="([]*models.ExternalUserInfo) (len=1 cap=1) {\n (*models.ExternalUserInfo)(0xc000158360)({\n OAuthToken: (*oauth2.Token)(),\n AuthModule: (string) (len=4) “ldap”,\n AuthId: (string) (len=73) “CN=xx”,\n UserId: (int64) 0,\n Email: (string) (len=21) “xx”,\n Login: (string) (len=4) “xx”,\n Name: (string) (len=9) xxx,\n OrgRoles: (map[int64]models.RoleType) (len=1) {\n (int64) 1: (models.RoleType) (len=6) “Viewer”\n },\n IsGrafanaAdmin: (*bool)(),\n IsDisabled: (bool) false\n })\n}\n"
  • t=2020-07-02T08:59:28+0200 lvl=dbug msg=“user auth token created” logger=auth tokenId=67 userId=3 clientIP=x userAgent=“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134” authToken=xy
  • t=2020-07-02T08:59:28+0200 lvl=info msg=“Successful Login” logger=http.server User=user@domain
  • t=2020-07-02T08:59:29+0200 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/ status=302 remote_addr=x time_ms=14 size=29 referer=https://server:3000/login

Log entries with Crome:

  • t=2020-07-02T08:55:02+0200 lvl=dbug msg=“LDAP SearchRequest” logger=ldap searchRequest="&{BaseDN:xx Scope:2 DerefAliases:0 SizeLimit:0 TimeLimit:0 TypesOnly:false Filter:(|(sAMAccountName=pott)) Attributes:[sAMAccountName sn mail givenName memberOf] Controls:[]}\n"
  • t=2020-07-02T08:55:02+0200 lvl=dbug msg=“LDAP users found” logger=ldap users="([]*models.ExternalUserInfo) (len=1 cap=1) {\n (*models.ExternalUserInfo)(0xc0001581b0)({\n OAuthToken: (*oauth2.Token)(),\n AuthModule: (string) (len=4) “ldap”,\n AuthId: (string) (len=73) “CN=xx”,\n UserId: (int64) 0,\n Email: (string) (len=21) “xx”,\n Login: (string) (len=4) “xx”,\n Name: (string) (len=9) xxx,\n OrgRoles: (map[int64]models.RoleType) (len=1) {\n (int64) 1: (models.RoleType) (len=6) “Viewer”\n },\n IsGrafanaAdmin: (*bool)(),\n IsDisabled: (bool) false\n })\n}\n"
  • t=2020-07-02T08:55:02+0200 lvl=dbug msg=“user auth token created” logger=auth tokenId=66 userId=3 clientIP=x userAgent=“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36” authToken=xy
  • t=2020-07-02T08:55:02+0200 lvl=info msg=“Successful Login” logger=http.server User=user@domain
  • t=2020-07-02T08:55:02+0200 lvl=dbug msg=“seen token” logger=auth tokenId=66 userId=3 clientIP=53.207.18.183 userAgent=“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36” authToken=xy
  • t=2020-07-02T08:55:02+0200 lvl=dbug msg=“Updating last user_seen_at” logger=context userId=3 orgId=1 uname=user user_id=3
  • t=2020-07-02T08:55:02+0200 lvl=dbug msg=“avatar.fetch(fetch new avatar): https://secure.gravatar.com/avatar/11dbd84c9d0efdbcc7368a4c2a4f03f5?d=retro&r=pg&size=200
  • t=2020-07-02T08:55:04+0200 lvl=dbug msg=“avatar update error: gravatar unreachable, Get “https://secure.gravatar.com/avatar/11dbd84c9d0efdbcc7368a4c2a4f03f5?d=retro&r=pg&size=200”: context deadline exceeded (Client.Timeout exceeded while awaiting headers)”
  • t=2020-07-02T08:59:20+0200 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/ status=302 remote_addr=x time_ms=0 size=29 referer=

With Edge the steps

  • seen token
  • Updating last user_seen_at
    are missing and in the “Request Completed” line it refers to Login.

After a Windows 10 Security patch in June it works fine