I am looking for a precise enough guide on how to configure ADFS login (service provider (SP) initiated logins) to Grafana. I have a Prometheus-Loki-Grafana instance running in K8s and Grafana can be accessed at https://grafana.prod.mydomain/login
I have read the docs here but I’m left with questions on the exact steps:
- Where is the config file to be edited for k8s installations? The docs have /usr/local/etc/grafana/grafana.ini and two other paths:
  - $WORKING_DIR/conf/defaults.ini
  - /etc/grafana/grafana.ini
- Are these the correct variables to set up, or am I missing something else:
  - enabled
  - allow_sign_up
  - idp_metadata, idp_metadata_path, or idp_metadata_url
  - private_key or private_key_path
- idp_metadata, idp_metadata_path, or idp_metadata_url – Where/how do I get this?
- private_key or private_key_path – Where/how do I get this?
- The docs state that “For the SAML integration to work correctly, you need to make the IdP aware of the SP”. My understanding is that this means establishing a “handshake” between SP (Grafana) and IdP (ADFS) but I’m not sure about where I get the values for:
  - /saml/metadata endpoint
  - /saml/acs endpoint
- How do I test that the config is working?
- Where do I test from? Grafana? ADFS? Or both?
- What do I need to set up from the ADFS side?