Auth: Add all settings to Azure AD SSO config UI #83618

Merged
merged 6 commits into from Mar 4, 2024
2 changes: 2 additions & 0 deletions pkg/login/social/connectors/azuread_oauth.go
@@ -200,6 +200,8 @@ func (s *SocialAzureAD) Validate(ctx context.Context, settings ssoModels.SSOSett

return validation.Validate(info, requester,
validateAllowedGroups,
// FIXME: uncomment this after the Terraform provider is updated
//validation.MustBeEmptyValidator(info.ApiUrl, "API URL"),
validation.RequiredUrlValidator(info.AuthUrl, "Auth URL"),
validation.RequiredUrlValidator(info.TokenUrl, "Token URL"))
}
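Review bot: The FIXME above the commented-out `validation.MustBeEmptyValidator(info.ApiUrl, "API URL")` carries no issue reference or owner, so nothing ties the disabled check to the Terraform provider update it is waiting on. Until it is re-enabled, Validate still accepts Azure AD settings with a non-empty API URL, which the pending check suggests the connector is not meant to take. I would link the tracking issue in the comment, e.g. `// FIXME(<tracking-issue>): reject a non-empty API URL once the Terraform provider no longer sets it`, and add a test for the rejection when the validator is turned on. The start of Validate is outside this hunk.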
44 changes: 43 additions & 1 deletion public/app/features/auth-config/fields.tsx
@@ -14,7 +14,6 @@ export const fields: Record<SSOProvider['provider'], Array<keyof SSOProvider['se
github: ['name', 'clientId', 'clientSecret', 'teamIds', 'allowedOrganizations'],
google: ['name', 'clientId', 'clientSecret', 'allowedDomains'],
gitlab: ['name', 'clientId', 'clientSecret', 'allowedOrganizations', 'teamIds'],
azuread: ['name', 'clientId', 'clientSecret', 'authUrl', 'tokenUrl', 'scopes', 'allowedGroups', 'allowedDomains'],
okta: [
'name',
'clientId',
@@ -39,6 +38,44 @@ type Section = Record<
>;

export const sectionFields: Section = {
azuread: [
{
name: 'General settings',
id: 'general',
fields: [
'name',
'clientId',
'clientSecret',
'scopes',
'authUrl',
'tokenUrl',
'allowSignUp',
'autoLogin',
'signoutRedirectUrl',
],
},
{
name: 'User mapping',
id: 'user',
fields: ['roleAttributePath', 'roleAttributeStrict', 'allowAssignGrafanaAdmin', 'skipOrgRoleSync'],
},
{
name: 'Extra security measures',
id: 'extra',
fields: [
'allowedOrganizations',
'allowedDomains',
'allowedGroups',
'forceUseGraphApi',
'usePkce',
'useRefreshToken',
'tlsSkipVerifyInsecure',
'tlsClientCert',
'tlsClientKey',
'tlsClientCa',
],
},
],
generic_oauth: [
{
name: 'General settings',
@@ -320,6 +357,11 @@ export function fieldMap(provider: string): Record<string, FieldData> {
label: 'Define allowed teams ids',
type: 'switch',
},
forceUseGraphApi: {
label: 'Force use Graph API',
description: "If enabled, Grafana will fetch the users' groups using the Microsoft Graph API.",
type: 'checkbox',
},
usePkce: {
label: 'Use PKCE',
description: (
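Review bot: `tlsSkipVerifyInsecure` is listed in the azuread section named 'Extra security measures', next to restrictions such as `allowedGroups` and `usePkce`, although by its name it turns TLS certificate verification off rather than adding a safeguard. Its `fieldMap` entry is not part of this hunk, so I cannot see its label; if it does not already say so, the description should state the effect, for example `description: 'Disables TLS certificate verification for requests to the provider. Leave off outside of testing.'`. Separately, `forceUseGraphApi` uses `type: 'checkbox'` while the boolean entry just above it uses `type: 'switch'`; pick one for consistency unless the difference is intended. The `usePkce` entry continues past the end of the hunk.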
2 changes: 2 additions & 0 deletions public/app/features/auth-config/types.ts
@@ -53,6 +53,8 @@ export type SSOProviderSettingsBase = {
defineAllowedTeamsIds?: boolean;
configureTLS?: boolean;
tlsSkipVerifyInsecure?: boolean;
// For Azure AD
forceUseGraphApi?: boolean;
};

// SSO data received from the API and sent to it
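Review bot: The comment `// For Azure AD` on `forceUseGraphApi` names the provider but not what the flag does. A TSDoc comment would carry the effect to editors, e.g. `/** Azure AD only: fetch the user's groups from the Microsoft Graph API. */`. Because the field sits on `SSOProviderSettingsBase`, every provider's settings type accepts it, so the comment is the only thing marking it as provider-specific. `SSOProviderSettingsBase` begins outside this hunk.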