Auth: Add support for the TlsSkipVerify parameter to JWT Auth (#91514)

* feat(auth/JWTAuth): add support for the TlsSkipVerify parameter

* feat(auth/JWTAuth): add param to default.ini and sample.ini

---------

Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
Filip "Ret2Me" Poplewski 2025-03-03 10:18:14 +01:00 committed by GitHub
parent 2e7c28ccbc
commit 561156c4da
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 6 additions and 1 deletions


@ -937,6 +937,7 @@ auto_sign_up = false
url_login = false
allow_assign_grafana_admin = false
skip_org_role_sync = false
tls_skip_verify_insecure = false
#################################### Auth LDAP ###########################
[auth.ldap]


@ -907,6 +907,7 @@
;allow_assign_grafana_admin = false
;skip_org_role_sync = false
;signout_redirect_url =
;tls_skip_verify_insecure = false
#################################### Auth LDAP ##########################
[auth.ldap]
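Review bot: The sample entry `;tls_skip_verify_insecure = false` is added without an explanatory comment, so an operator reading the file learns nothing beyond the key name. I would put a line above it such as `# Skip TLS certificate verification when fetching the JWT key set. Insecure; do not enable in production.` The four changed sections on this page look like two ini files and two Go files, so the user-facing JWT auth documentation may also still need this option described.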


@ -162,6 +162,7 @@ func (s *AuthService) initKeySet() error {
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
Renegotiation: tls.RenegotiateFreelyAsClient,
InsecureSkipVerify: s.Cfg.JWTAuth.TlsSkipVerify,
},
Proxy: http.ProxyFromEnvironment,
DialContext: (&net.Dialer{
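Review bot: When `tls_skip_verify_insecure` is true, the `InsecureSkipVerify: s.Cfg.JWTAuth.TlsSkipVerify` line turns off certificate and hostname verification for the HTTP client built in initKeySet, and nothing in the visible lines records that. This client appears to fetch the key set used to validate JWT signatures, so an unverified endpoint makes the keys themselves untrusted; the setting weakens authentication, not only transport privacy. I would add a comment on that line, `// Insecure: disables certificate verification for the key set fetch; test environments only.`, and log a warning at startup when the flag is set, using the logger AuthService already has if there is one. initKeySet starts and ends outside this hunk, so such a warning may already exist elsewhere.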


@ -27,6 +27,7 @@ type AuthJWTSettings struct {
GroupsAttributePath string
EmailAttributePath string
UsernameAttributePath string
TlsSkipVerify bool
}
type ExtJWTSettings struct {
@ -69,6 +70,7 @@ func (cfg *Cfg) readAuthJWTSettings() {
jwtSettings.GroupsAttributePath = valueAsString(authJWT, "groups_attribute_path", "")
jwtSettings.EmailAttributePath = valueAsString(authJWT, "email_attribute_path", "")
jwtSettings.UsernameAttributePath = valueAsString(authJWT, "username_attribute_path", "")
jwtSettings.TlsSkipVerify = authJWT.Key("tls_skip_verify_insecure").MustBool(false)
cfg.JWTAuth = jwtSettings
}
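Review bot: The new `TlsSkipVerify bool` field in AuthJWTSettings has no comment, and its name drops the "insecure" marker that the ini key `tls_skip_verify_insecure` carries, so a reader of the struct cannot tell that it disables certificate verification. I would add `// TlsSkipVerify disables TLS certificate verification (ini: tls_skip_verify_insecure). Insecure; defaults to false.` above the field. `MustBool(false)` in readAuthJWTSettings falls back to false on a missing or unparsable value, which is the safe direction and worth keeping. Go naming convention would spell the initialism `TLSSkipVerify`; keep the current spelling only if sibling settings already use `Tls`. readAuthJWTSettings begins outside the second hunk.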