keyfil/教程/单点/20250113-Grafana安装及SSO接入指南.md

<!-- Space: qifu -->
<!-- Parent: 后端技术&知识&规范 -->
<!-- Parent: 技术方案 -->
<!-- Parent: 基建 -->
<!-- Parent: 03-接入指南 -->
<!-- Title: 20250113-Grafana安装及SSO接入指南 -->

<!-- Macro: :anchor\((.*)\):
     Template: ac:anchor
     Anchor: ${1} -->
<!-- Macro: \!\[.*\]\((.+)\)\<\!\-\- width=(.*) \-\-\>
     Template: ac:image
     Url: ${1}
     Width: ${2} -->
<!-- Macro: \<\!\-\- :toc: \-\-\>
     Template: ac:toc
     Printable: 'false'
     MinLevel: 2 
     MaxLevel: 4 -->
<!-- Include: 杂项/声明文件.md -->

<!-- :toc: -->

# Grafana安装及SSO接入指南

## OIDC 配置
- 编辑 `defaults.ini`
```toml
#-################################### Generic OAuth #######################             
[auth.generic_oauth]
name = WeWork
icon = signin
enabled = true
allow_sign_up = true
auto_login = false
client_id = grafana
client_secret = P0GxgSpnG4u9jNDPHZur7NWdNNaNjTU0
scopes = openid profile email roles
empty_scopes = false
email_attribute_name = email
email_attribute_path = email
login_attribute_path = username
name_attribute_path = name
role_attribute_path = contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'edi
role_attribute_strict = false
org_attribute_path =
org_mapping =
groups_attribute_path =
id_token_attribute_name =
team_ids_attribute_path =
auth_url = http://keycloak.qifu.com/realms/keyfil/protocol/openid-connect/auth
token_url = http://keycloak.qifu.com/realms/keyfil/protocol/openid-connect/token
api_url = http://keycloak.qifu.com/realms/keyfil/protocol/openid-connect/userinfo
signout_redirect_url =
teams_url =
allowed_domains =
allowed_groups =
team_ids =
allowed_organizations =
tls_skip_verify_insecure = false
tls_client_cert =
tls_client_key =
tls_client_ca =
use_pkce = false
auth_style =
allow_assign_grafana_admin = false
skip_org_role_sync = false
use_refresh_token = false                    
```
----

## 参考

- [Grafana OIDC](https://grafana.org.cn/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/keycloak/)
✨ [2025-01-16] 添加 Confluence 群组映射教程 2025-01-16 10:23:28 +08:00			`<!-- Space: qifu -->`
			`<!-- Parent: 后端技术&知识&规范 -->`
			`<!-- Parent: 技术方案 -->`
			`<!-- Parent: 基建 -->`
♻️ [2025-02-10] 梳理项目结构 2025-02-10 09:21:02 +08:00			`<!-- Parent: 03-接入指南 -->`
✨ [2025-01-16] 添加 Confluence 群组映射教程 2025-01-16 10:23:28 +08:00			`<!-- Title: 20250113-Grafana安装及SSO接入指南 -->`

			`<!-- Macro: :anchor\((.*)\):`
			`Template: ac:anchor`
			`Anchor: ${1} -->`
			`<!-- Macro: \!\[.\]\((.+)\)\<\!\-\- width=(.) \-\-\>`
			`Template: ac:image`
			`Url: ${1}`
			`Width: ${2} -->`
			`<!-- Macro: \<\!\-\- :toc: \-\-\>`
			`Template: ac:toc`
			`Printable: 'false'`
			`MinLevel: 2`
			`MaxLevel: 4 -->`
			`<!-- Include: 杂项/声明文件.md -->`

			`<!-- :toc: -->`

✨ [2025-01-16] 更新SSO进度 2025-01-17 19:11:18 +08:00			`# Grafana安装及SSO接入指南`
✨ [2025-01-16] 添加 Confluence 群组映射教程 2025-01-16 10:23:28 +08:00
✨ [2025-01-16] 更新SSO进度 2025-01-21 18:05:09 +08:00			`## OIDC 配置`
			- 编辑 `defaults.ini`
			```toml
✨ [2025-01-16] 更新SSO进度 2025-01-21 19:00:46 +08:00			`#-################################### Generic OAuth #######################`
✨ [2025-01-16] 更新SSO进度 2025-01-21 18:05:09 +08:00			`[auth.generic_oauth]`
			`name = WeWork`
			`icon = signin`
			`enabled = true`
			`allow_sign_up = true`
			`auto_login = false`
			`client_id = grafana`
			`client_secret = P0GxgSpnG4u9jNDPHZur7NWdNNaNjTU0`
			`scopes = openid profile email roles`
			`empty_scopes = false`
			`email_attribute_name = email`
			`email_attribute_path = email`
			`login_attribute_path = username`
			`name_attribute_path = name`
			`role_attribute_path = contains(roles[], 'admin') && 'Admin' \|\| contains(roles[], 'edi`
			`role_attribute_strict = false`
			`org_attribute_path =`
			`org_mapping =`
			`groups_attribute_path =`
			`id_token_attribute_name =`
			`team_ids_attribute_path =`
			`auth_url = http://keycloak.qifu.com/realms/keyfil/protocol/openid-connect/auth`
			`token_url = http://keycloak.qifu.com/realms/keyfil/protocol/openid-connect/token`
			`api_url = http://keycloak.qifu.com/realms/keyfil/protocol/openid-connect/userinfo`
			`signout_redirect_url =`
			`teams_url =`
			`allowed_domains =`
			`allowed_groups =`
			`team_ids =`
			`allowed_organizations =`
			`tls_skip_verify_insecure = false`
			`tls_client_cert =`
			`tls_client_key =`
			`tls_client_ca =`
			`use_pkce = false`
			`auth_style =`
			`allow_assign_grafana_admin = false`
			`skip_org_role_sync = false`
			`use_refresh_token = false`
			```
✨ [2025-01-16] 添加 Confluence 群组映射教程 2025-01-16 10:23:28 +08:00			`----`

			`## 参考`

			`- [Grafana OIDC](https://grafana.org.cn/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/keycloak/)`