Grafana ======= |image0| Presentation ------------ `Grafana `__ is an Open Source dashboard for monitoring databases such as Prometheus, Graphite or Elasticsearch Grafana offers social login through a generic OAuth 2 connector. Thankfully, it is close enough to OpenID Connect to work well with LemonLDAP::NG Pre-requisites -------------- Grafana configuration ~~~~~~~~~~~~~~~~~~~~~ You should start by following the generic OAuth2 documentation provided by Grafana: Your configuration file will have to look something like this: :: [auth.generic_oauth] enabled = true client_id = CHOOSE_A_CLIENT_ID client_secret = CHOOSE_A_CLIENT_SECRET scopes = openid email profile auth_url = token_url = api_url = allow_sign_up = true name = LemonLDAP::NG send_client_credentials_via_post = false email_attribute_name = email LL:NG ~~~~~ Make sure you have already :doc:`enabled OpenID Connect<../idpopenidconnect>` on your LemonLDAP::NG server Then, add a Relaying Party with the following configuration - Options » Authentification » Client ID : same as ``client_id`` above - Options » Allowed redirection address : same as ''client_secret '' above If you want to transmit user attributes to Grafana, you also need to configure - Extra Claims » - add a key named ``profile`` - set a value of ``name username display_name upn`` - Exported Attributes (not all of them are mandatory) - replace the existing keys with the following 5 new keys: - ``name`` - ``username`` - ``display_name`` - ``upn`` - ``email`` - map them to your corresponding LemonLDAP::NG session attribute .. |image0| image:: /applications/grafana_logo.png :class: align-center