we are trying to authenticate users using okta for grafana login and do the role mapping , whenever i tried to login it give the user only viewer access , i believe it should be set as Admin . can you check pls
grafana.ini
[auth.generic_oauth]
name = okta
enabled = true
allow_sign_up = true
client_id = xxxxxxx
client_secret = xxxxxxxxx
scopes = openid profile groups email
auth_url = xxxx/v1/authorize
token_url = xxxx/v1/token
api_url = xxxxxv1/userinfo
role_attribute_path = contains(groups[ ], ‘Grafana-Noc-Okta’) && ‘Admin’ || contains(groups[ ], ‘Grafana-DevOps-Okta’) && ‘Editor’ || ‘Viewer’
Environment : prod
- Grafana version: 6.5.1
- OS Grafana is installed on: centos 7
- User OS & Browser: Chrome
dbug msg=“Received id_token” logger=oauth.generic_oauth
json = {“sub”:“00uodxakgpW8x3M520h7”,“name”:“Pramod Kumar Velayudhan”,“email”:“pkumar@xxxx”,“ver”:1,“iss”:“https://xxxx",“aud”:“xxxxx0h7”,“iat”:xxx0474,“exp”:1xxx1xx74,“jti”:“ID.xxxxx__fc”,“amr”:[“pwd”],“idp”:“0xxxx14o10h7”,“preferred_username”:“pkumar@xxx”,“auth_time”:1576010473,“at_hash”:“xxxx"groups”:[“Grafana-Noc-Okta”]} data=”&{Name:Pramod Kumar Velayudhan DisplayName: Login: Username: Email:pkumar@xxx Upn: Attributes:map[]}"
t=2019-12-10T12:24:40-0800 lvl=eror msg=“Empty user info JSON response provided” logger=oauth.generic_oauth
t=2019-12-10T12:24:40-0800 lvl=dbug msg=“OAuthLogin got user info” logger=oauth userInfo="&{Id: Name:Pramod Email:pkumar@xxxxx Login:pkumar@xxxx Company: Role: Groups:[]}"