Hi,
We have a Docker Swarm stack running a bunch of microservices and a Keycloak, and we would like to test a Grafana integration with Keycloak using OAuth2/OpenID.
Keycloak has several useful endpoints to integrate OpenID authentication, and these can be set as follows using the generic OAuth config in grafana.ini:
[auth.generic_oauth]
enabled = true
client_id = grafana
client_secret = password123
...
auth_url = http://keycloak:8080/auth/realms/realm-a/protocol/openid-connect/auth
token_url = http://keycloak:8080/auth/realms/realm-a/protocol/openid-connect/token
api_url = http://keycloak:8080/auth/realms/realm-a/protocol/openid-connect/userinfo
Unfortunately, I cannot find any variable in Grafana’s config to get the certificate endpoint.
This endpoint is used to retrieve Keycloak’s public key for JWT token validation. See doc
I was expecting something like this:
cert_url = http://keycloak:8080/auth/realms/realm-a/protocol/openid-connect/certs
How can Grafana validate the JWT token without that certificate?
Best regards,
Lucas
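
Added example, not part of the original post and not Grafana's or Keycloak's code: what validating a token against the keys published at a `certs` (JWKS) endpoint involves, using only the Python standard library. The issuer and audience are assumed from the URLs and `client_id` in the post; the key, the `kid` value and the JWKS document are constructed for the demo.

```python
import base64, hashlib, hmac, json, time
# Assumed from the post's URLs and client_id; the key below is a constructed,
# INSECURE demo key (two Mersenne primes) standing in for the realm key.
ISSUER, AUDIENCE = "http://keycloak:8080/auth/realms/realm-a", "grafana"
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # SHA-256 DigestInfo

def b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def unb64u(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def to_bytes(i):
    return i.to_bytes((i.bit_length() + 7) // 8, "big")
def encode(msg, k):  # EMSA-PKCS1-v1_5 encoding (RFC 8017)
    t = PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

# Constructed JWKS in the shape a certs endpoint returns: public parts only.
JWKS = {"keys": [{"kid": "demo-1", "kty": "RSA", "alg": "RS256", "use": "sig",
                  "n": b64u(to_bytes(N)), "e": b64u(to_bytes(E))}]}

def sign(claims, kid="demo-1"):  # issuer side, demo helper only
    head = b64u(json.dumps({"alg": "RS256", "kid": kid}).encode())
    msg = f"{head}.{b64u(json.dumps(claims).encode())}"
    k = len(to_bytes(N))
    sig = pow(int.from_bytes(encode(msg.encode(), k), "big"), D, N)
    return f"{msg}.{b64u(sig.to_bytes(k, 'big'))}"

def verify(token, jwks, now=None):  # relying-party side: needs only the JWKS
    head_b64, body_b64, sig_b64 = token.split(".")
    head = json.loads(unb64u(head_b64))
    keys = {k["kid"]: k for k in jwks["keys"]}
    if head.get("alg") != "RS256" or head.get("kid") not in keys:
        raise ValueError("unexpected alg or unknown kid")
    n, e = (int.from_bytes(unb64u(keys[head["kid"]][f]), "big") for f in ("n", "e"))
    k = len(to_bytes(n))
    s = int.from_bytes(unb64u(sig_b64), "big")
    em = pow(s, e, n).to_bytes(k, "big")
    if s >= n or not hmac.compare_digest(em, encode(f"{head_b64}.{body_b64}".encode(), k)):
        raise ValueError("bad signature")
    claims = json.loads(unb64u(body_b64))
    aud = claims.get("aud")
    if claims.get("iss") != ISSUER or AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong iss/aud")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("expired")
    return claims
```

The verifier pins the algorithm itself, selects the key by `kid`, and checks `iss`, `aud` and `exp` only after the signature has verified.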