* Fix list of sample providers
The sample providers on this page has changed, so the list at the top of the page is no longer correct. Also link to Octo and Azure AD pages from here, since they are also OAuth2 providers.
* Fix misspelled Okta
* Make bullet list of OAuth2 providers
* Sort list of OAuth2 providers alphabetically
* Correction in abbreviation
* Minor correction in abbreviation
* Correcting abbreviation
* Correction in abbreviation
* Correcting abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Update stack_guide_graphite.md
* Update whats-new-in-v4-6.md
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Update ldap.md
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Update docs/sources/guides/whats-new-in-v5.md
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
* Add fallback to search_base_dns if group_search_base_dns is undefined.
refs: #20862
* removed newline to make lint-go happy
* Added requested changes on ldap.md for last commit
Refs: #21263
* Suggesting couple of changes to the document
Line 15 should be modified to use your application instead of an application, same way it is being used in other auth docs.
typo in line 76, can is repeated twice . Correcting that typo
* Update docs/sources/auth/gitlab.md
Co-Authored-By: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
* Update gitlab.md
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
* Correcting Line 22
Menu drop down is correct description for the control , rather than the menu that drops down
* Update docs/sources/auth/google.md
Co-Authored-By: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
* Update docs/sources/auth/google.md
Co-Authored-By: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
* Couple of changes to the document
Correcting a typo in line 53
Line 226 should be re-written as "To easily configure"
* Update docs/sources/auth/generic-oauth.md
Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
* Implement Azure AD oauth
* Use go-jose and cleanup
* Update go-jose in go.mod
* cleanup
* Add unit tests
* Fix scopes
* Add documentation page
* Improve documentation
* Convert extract_role into function.
* Do not use upn and replace unique_name with preferred_username
* Configure login button
* Use official microsoft icon and color from branding guideline.
* Add Azure AD config section in sample.ini.
* Docs: add LDAP active sync limitation for single bind
* Docs: update header for LDAP active sync limitation
Co-Authored-By: Leonard Gram <leo@xlson.com>
* Docs: gitlab team-sync documented correctly
* docs: initial docs for whitelabeling
* Docs: enterprise repositories
* Docs: rpm enterprise install
* Docs: re-structured the rpm install page to be more similar to the deb page
* Docs: responded to review feedback
* Docs: recommends the enterprise edition
* Update docs/sources/installation/debian.md
Removes send_client_credentials_via_post oauth setting and
use auto-detect mechanism instead.
By these changes also fixes statichcheck errors
Ref #8968
Updates the docs to work with the website repo - mainly
relative link updates.
Adds a menu.yaml file to build the sidebar menu (no longer
using front matter weight).
* AuthProxy: Can now login with auth proxy and get a login token
* added unit tests
* renamed setting and updated docs
* AuthProxy: minor tweak
* Fixed tests and namings
* spellfix
* fix
* remove unused setting, probably from merge conflict
* fix
Adds support for Generic OAuth role mapping. A new
configuration setting for generic oauth is added named
role_attribute_path which accepts a JMESPath expression.
Only Grafana roles named Viewer, Editor or Admin are
accepted.
Closes#9766
Update Azure AD instructions to follow heading changes in Azure Portal.
> In the legacy experience, an app had Keys page. In the new experience, it has been renamed to Certificates & secrets. In addition, Public keys are referred to as Certificates and Passwords are referred to as Client secrets.
Source: https://docs.microsoft.com/en-us/azure/active-directory/develop/app-registrations-training-guide#keyscertificates--secrets
I verified by logging in Azure AD and walking through the steps.
* Docs: Add information regarding the LDAP Debug View
* Add instructions to compress image when adding them to the documentation
* Add a troubleshooting section to the docs documentation
* LDAP: improve POSIX support
* Correctly abtain DN attributes result
* Allow more flexibility with comparison mapping between POSIX group & user
* Add devenv for POSIX LDAP server
* Correct the docs
Fixes#18140
* Update defaults.ini and sample.ini with the SAML assertion mapping
fields
* Document Grafana's ability to map ACS attributes while a Grafana user is created
* docs: Link to SAML docs and document configuration options
- Document configuration options `defaults.ini` and `sample.ini`
- Add the SAML documentation
- Link to the SAML documentation from "what's new in 6.3"
* Docs: First draft of whats new in 6.3
* Docs: Updated whats new article
* Docs: typos
* docs: fix broken link, add links and update docs index
* Docs: whats new in enterprise
* LDAP:Docs: `active_sync_enabled` setting
Mention `active_sync_enabled` setting and enable it by default
* LDAP: move "disableExternalUser" method
Idea behind new design of the LDAP module is to minimise conflation
between other parts of the system, so it would decoupled as much as
possible from stuff like database, HTTP transport and etc.
Following "Do One Thing and Do It Well" Unix philosophy principal, other things
could be better fitted on the consumer side of things.
Which what this commit trying to archive
* LDAP: correct user/admin binding
The second binding was not happening, so if the admin login/password
in LDAP configuration was correct, anyone could had login as anyone using
incorrect password
* OAuth: github team sync POC
* OAuth: minor refactor of github module
* OAuth: able to use team shorthands for github team sync
* support passing a list of groups via auth-proxy header
* Modify backend to allow expiration of API Keys
* Add middleware test for expired api keys
* Modify frontend to enable expiration of API Keys
* Fix frontend tests
* Fix migration and add index for `expires` field
* Add api key tests for database access
* Substitude time.Now() by a mock for test usage
* Front-end modifications
* Change input label to `Time to live`
* Change input behavior to comply with the other similar
* Add tooltip
* Modify AddApiKey api call response
Expiration should be *time.Time instead of string
* Present expiration date in the selected timezone
* Use kbn for transforming intervals to seconds
* Use `assert` library for tests
* Frontend fixes
Add checks for empty/undefined/null values
* Change expires column from datetime to integer
* Restrict api key duration input
It should be interval not number
* AddApiKey must complain if SecondsToLive is negative
* Declare ErrInvalidApiKeyExpiration
* Move configuration to auth section
* Update docs
* Eliminate alias for models in modified files
* Omit expiration from api response if empty
* Eliminate Goconvey from test file
* Fix test
Do not sleep, use mocked timeNow() instead
* Remove index for expires from api_key table
The index should be anyway on both org_id and expires fields.
However this commit eliminates completely the index for now
since not many rows are expected to be in this table.
* Use getTimeZone function
* Minor change in api key listing
The frontend should display a message instead of empty string
if the key does not expire.
* Fix: Upgrade hugo wip
* Chore: Rename index to _index for latest hugo
* Chore: Use relative refs, no starting slash
* Feat: Add possibility to mount layouts from grafana.org project
* Allow oauth email attribute name to be configurable
Signed-off-by: Bob Shannon <bshannon@palantir.com>
* Document e-mail determination steps for generic oauth
* Add reference to email_attribute_name
* Re-add e-mail determination docs to new generic-oauth page
* Inherit default e-mail attribute from defaults.ini
Alexander Zobnin
stephffuller
Tim Schwenke
Eivind Gussiås Løkseth
Josh Soref
Arve Knudsen
Diana Payton
Galdin Raphael
Amal
fuku
Agnès Toulet
Joe Elliott
Nathan Webster
Sven-Hendrik Haase
Marcus Efraimsson
Ricardo
Mohit Nain
Jeet Parekh
twendt
Leonard Gram
Sriramajeyam
Alexander Morozov
Sebastian Markgraf
Robby Milo
Jon Gyllenswärd
Torkel Ödegaard
Martin Reinhardt
Alexandre de Verteuil
Sofia Papagiannaki
HG00
brew-install-buzzwords
gotjosh
Jérémy Lugand
Bob Shannon
Oleg Gaidarenko
Mikhail f. Shiryaev
Johannes Schill
Navaneesh Kumar
bergquist
flopp999
Jacob Richard
Tomas Dabasinskas
Simon Mattila
Mario Trangoni
Carl Bergquist
Steve Kreitzer
Nick Triller
Matthieu Rudelle
Emil Hessman
Steven Arnott
Ben Doyle
Mike Sollanych