opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-08-02 06:32:15 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
grafana/docs/sources/enterprise/saml/enable-saml.md
Eric Leijonmarck 17bd741fc0 SAML: fix pkcs8 doc and refactoring SAML docs (#47337) 
* refactoring: saml docs

* refactoring: relreferences

* adding error as presented in issue

* refactor: update sentence

* refactor: more relref fixes that was missing

* refactor: more relref fixes that was missing

* Apply suggestions from code review

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* refactor: move saml with okta

* fix: spell and small corrections

* add: enterprise tag

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
2022-04-13 17:18:59 +01:00

66 lines
2.3 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
title: 'Enable SAML authentication in Grafana'
menuTitle: 'Enable SAML authentication'
description: 'This contains information to enable SAML authentication in Grafana'
keywords: ['grafana', 'saml', 'documentation', 'saml-auth', 'enterprise']
aliases: ['/docs/grafana/latest/auth/saml/']
weight: 30
---
# Enable SAML authentication in Grafana
To use the SAML integration, in the `auth.saml` section of in the Grafana custom configuration file, set `enabled` to `true`.
Refer to [Configuration]({{< relref "../../administration/configuration.md" >}}) for more information about configuring Grafana.
## Certificate and private key
The SAML SSO standard uses asymmetric encryption to exchange information between the SP (Grafana) and the IdP. To perform such encryption, you need a public part and a private part. In this case, the X.509 certificate provides the public part, while the private key provides the private part. The private key needs to be issued in a [PKCS#8](https://en.wikipedia.org/wiki/PKCS_8) format.
Grafana supports two ways of specifying both the `certificate` and `private_key`.
- Without a suffix (`certificate` or `private_key`), the configuration assumes you've supplied the base64-encoded file contents.
- With the `_path` suffix (`certificate_path` or `private_key_path`), then Grafana treats the value entered as a file path and attempts to read the file from the file system.
> **Note:** You can only use one form of each configuration option. Using multiple forms, such as both `certificate` and `certificate_path`, results in an error.
---
### **Example** of how to generate SAML credentials:
An example of how to generate a self-signed certificate and private key that's valid for one year:
```sh
$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
```
Base64-encode the cert.pem and key.pem files:
(-w0 switch is not needed on Mac, only for Linux)
```sh
$ base64 -w0 key.pem > key.pem.base64
$ base64 -w0 cert.pem > cert.pem.base64
```
The base64-encoded values (`key.pem.base64, cert.pem.base64` files) are then used for certificate and private_key.
The keys you provide should look like:
It should look like:
```
-----BEGIN PRIVATE KEY-----
...
...
-----END PRIVATE KEY-----
```
If you have a key that looks like:
```
-----BEGIN CERTIFICATE-----
...
...
-----END CERTIFICATE-----
```
Reference in New Issue View Git Blame Copy Permalink