Ich versuche, OpenGL (Identity Provider) mit Grafana mit generischen oauth zu integrieren. Ich habe die Endpunkte und alle in der Konfiguration erwähnt. Es leitet zum openAM-Server um und fragt nach Anmeldeinformationen. aber nach dem Klicken auf "Erlauben" -Schaltfläche zeigt es Server Side Error. Ich habe grafana.log überprüft. es zeigt sich so.Grafana Integration mit Identity Provider mit Openid-Connect und generischen oauth
t = 2017-12-31T12: 26: 52 + 0530 lvl = info msg = "Anforderung abgeschlossen" logger = Kontext userId = 0 orgId = 0 uname = Methode = GET Pfad =/login/generic_oauth Status = 302 remote_addr = 192.168.1.153 time_ms = 0 size = 338 referer = http://grafana.oneeight.com:3000/login t = 2017-12-31T12: 27: 26 + 0530 lvl = eror msg = "login.OAuthLogin (Informationen von generic_oauth erhalten)" logger = context userId = 0 orgId = 0 uname = error = "Fehler beim Abrufen der Benutzerinformationen: {\" error_description \ ": \" Das angegebene Zugriffs-Token ist abgelaufen, widerrufen, fehlerhaft oder aus anderen Gründen ungültig. \ ", \" Error \ ": \" invalid_token \ "}" t = 2017-12-31T12: 27: 26 + 0530 lvl = eror msg = "Anforderung abgeschlossen" logger = Kontext userId = 0 orgId = 0 uname = Methode = GET Pfad =/login/generic_oauth status = 500 remote_addr = 192.168.1.153 time_ms = 92 Größe = 1147 referer = "http://openam13.oneeight.com:8080/openam/oauth2/authorize?realm=Operatoren & access_type = online & client_id = operator_id & redirect_uri = http% 3A% 2F% 2Fgrafana.oneeight.com% 3A3000% 2Flogin% 2Fgeneric_oauth & response_type = Code & scope = uid + openid Profil + & state = OpiuNzehHEqm0hq93ogfKoSG1% 2FMJXtcrhPgDz22Glc0% 3D“ t = 2017-12-31T12: 27: 26 + 0530 lvl = info msg = "Anfrage abgeschlossen" logger = Kontext userId = 0 orgId = 0 uname = Methode = GET Pfad =/public/css/fonts.min.css status = 404 remote_addr = 192.168.1.153 time_ms = 1 size = 11374 referer = "http://grafana.oneeight.com:3000/login/generic_oauth?code=ae93d8c7-3349-4618-88d3-c7f31645e6ff & scope = uid% 20offene% 20Profile & Zustand = OpiuNzehHEqm0hq93ogfKoSG1% 2FMJXtcrhPgDz22Glc0% 3D " t = 2017-12-31T12: 27: 26 + 0530 lvl = info msg =" Request Completed "-Logger = Kontext userId = 0 orgId = 0 uname = Methode = GET Pfad =/public/build/grafana.dark.min.css Status = 404 remote_addr = 192.168.1.153 time_ms = 2 Größe = 11374 referer = "http: // grafana. oneeight.com:3000/login/generic_oauth?code=ae93d8c7-3349-4618-88d3-c7f31645e6ff & scope = uid% 20openid% 20profile & state = OpiuNzehHEqm0hq93ogfKoSG1% 2FMJXtcrhPgDz22Glc0% 3D“ Kann jemand bitte die Lösung helfen, herauszufinden?
wird hier von Protokollen von OpenAM gesetzt, wenn grafana Benutzerdaten
b8efbd7-768a-4038-af7f-cd2de423d285-12480" zuzugreifen versucht, "2018-01-02T06: 09: 25.965Z", "AM -ACCESS-OUTCOME "," eb8efbd7-768a-4038-af7f-cd2de423d285-12478 "," id = vipin, ou = Benutzer, o = Operatoren, ou = Dienste, dc = oneeight, dc = com "," " 444b699c238b89d301 ""] "," 192.168.1.77 "," 8080 "," 192.168.1.153 "," 51058 ",,,," false "," GET "," http://openam13.oneeight.com:8080/openam/oauth2/authorize "," {"" realm "": [ Operatoren, Zugriffstyp: [online], client_id: [operator_id], Antworttyp: [code)] "scope" ": [" "uid% 20openid% 20profile" "]," "state" ": [" "qbHM3cXul897yzIMeK5rQD4TZicEzw5N22F% 2FrS3E8ls% 3D" "]}" {"" accept "": ["" text/html, application/xhtml + xml, application/xml; q = 0,9, image/webp, image/apng, /; q = 0,8 "", "host": ["openam13.oneeight.com:8080"], "referer": ["http://openam13.oneeight.com:8080/openam/XUI/"], "Upgrade-unsichere-Anforderungen "": "1" "," user-agent "": ["" Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537,36 (KHTML, wie Gecko) Chrome/63.0.3239.108 Safari/537.36 ""]} "," JSESSIONID ":" 9C5CF9FDE026ECFF31BD51935CC8E45D "," amlbcookie ":" "01" "," "i18next" ":" "en-US" "}" ,, "ERFOLGREICH" ,, "10", "MILLISECONDS", "OAuth", "/ Operatoren" "eb8efbd7-768a-4038-af7f -cd2de423d285-12483 "," 2018-01-02T06: 09: 32.981Z "," AM-ZUGANGSERGEBNISSE "," eb8efbd7-768a-4038-af7f-cd2de423d285-12481 "," id = vipin, ou = user, o = Operatoren, ou = Dienste, dc = oneeight, dc = com, 444b699c238b89d301, 192.168.1.77, 8080, 192.168.1.153 "," 51058 ",,,," false "," POST "," http://openam13.oneeight.com:8080/openam/oauth2/authorize "," Realm ": [" Operatoren "]," access_type "": ["" online "" ] "client_id": ["operator_id"], "response_type" ": [code" "]," scope "": ["" uid% 20openid% 20profil "]," " Status "": ["" qbHM3cXul897yzIMeK5rQD4TZicEzw5N22F% 2FrS3E8ls% 3D ""]} "," {"" akzeptieren "": ["" text/html, application/xhtml + xml, application/xml; q = 0.9, image/webp , image/apng, /; q = 0,8 "", "host": ["" openam13.oneeight.com:8080 "]," Ursprung "": ["" http://openam13.oneeight.com:8080 ""], Referer: [http://openam13.oneeight.com:8080/openam/oauth2/authorize?realm=Operators&access_type=online&client_id=operator_id&redirect_uri=http%3A%2F%2Fgrafana.oneeight.com%3A3000%2Flogin%2Fgeneric_oauth&response_type=code&scope=uid%20openid%20profile&state=qbHM3cXul897yzIMeK5rQD4TZicEzw5N22F%2FrS3E8ls%3D], Upgrade-unsichere Anforderungen: [1], User-Agent: [Mozilla/5.0 (X11; Fedora ; Linux x86_64) AppleWebKit/537.36 (KHTML, wie Gecko) Chrome/63.0.3239.108 Safari/537.36 ""}} "," JSESSIONID ":" 9C5CF9FDE026ECFF31BD51935CC8E45D "," "amlbcookie" ":" "01 "", "i18next" ":" "en" "}" ,, "ERFOLGREICH" ,, "34", "MILLISECONDS", "OAuth", "/ Operatoren" "eb8efbd7-768a-4038-af7f- cd2de423d285-12496 "," 2018-01-02T06: 09: 33.221Z "," AM-ACCESS-OUTCOME "," eb8efbd7-768a-4038-af7f-cd2de423d285-12484 "," id = vipin, ou = Benutzer, o = Operatoren, ou = Dienste , dc = oneeight, dc = com "", d02fa012-ddff-40a1-ba83- 3de3de2e18d6, 69b85d3a-7ee8-4f01-a259-0ae26bfec634 "", "192.168.1.77", "8080 "," 192.168.1.148 "," 57122 ",,,," false "," POST "," http://openam13.oneeight.com:8080/openam/oauth2/access_token "," {"" realm "": ["" Operatoren ""]} "," {"" host "": ["" openam13.oneeight.com:8080""],""user-agent"":[""Go-http-client/1.1""]}" ,"{}",,,SUCCESSFUL " ,, "scope" ":" uid openid profile "", "token_type" ":" "Träger" "}", "216", "MILLISECONDS", "OAuth", "/ Operatoren"
Danke für die Überlegung. Die Konfigurationen entsprechen denen, die in den grafana-Dokumentationen definiert sind. – Pratik
Ich habe die Frage mit OpenAM-Logs bearbeitet. – Pratik
Wenn Sie Ihren Beitrag bearbeiten und die Protokollzeilen um 4 Leerzeichen einrücken, werden sie im Post als formatierter Text angezeigt. Im Moment ist es sehr schwierig zu entziffern, was dort vor sich geht. Es sieht so aus, als wären Ihre Bereiche auf "uididid profile" eingestellt, das sollte nicht mit Ihrem aktuellen Problem zusammenhängen, aber Grafana benötigt die E-Mail-Adresse des Benutzers, damit die Anmeldung funktioniert. – AussieDan