Skip to content

Commit ccb9d9e

Browse files
fix: grafana logout not working in some environments (defenseunicorns#559)
## Description Updated grafana values to include a proper signout url that manages removing the session from both grafana and keycloak. Also added the group auth definition to grafana to require that users have `/UDS Core/Admin` membership ( kind of redundant since it already requires users be an admin but this will just reinforce that a bit more ). ## Related Issue Fixes defenseunicorns#515 ## Type of change - [x] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed
1 parent e505dc9 commit ccb9d9e

1 file changed

Lines changed: 1 addition & 0 deletions

File tree

src/grafana/values/values.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,7 @@ grafana.ini:
3232
name: UDS Identity Service
3333
auth_url: https://sso.###ZARF_VAR_DOMAIN###/realms/uds/protocol/openid-connect/auth
3434
token_url: http://keycloak-http.keycloak.svc.cluster.local:8080/realms/uds/protocol/openid-connect/token
35+
signout_redirect_url: https://sso.###ZARF_VAR_DOMAIN###/realms/uds/protocol/openid-connect/logout?post_logout_redirect_uri=https%3A%2F%2Fgrafana.admin.###ZARF_VAR_DOMAIN###%2Flogin%2Fgeneric_oauth
3536
allow_sign_up: true
3637
# Require a UDS Core group to access Grafana
3738
role_attribute_path: "contains(groups[], '/UDS Core/Admin') && 'Admin' || contains(groups[], '/UDS Core/Auditor') && 'Viewer' || 'Unauthorized'"

0 commit comments

Comments
 (0)