I am looking for a precise enough guide on how to configure ADFS login (service provider (SP) initiated logins) to Grafana. I have a Prometheus-Loki-Grafana instance running in K8s and Grafana can be accessed at https://grafana.prod.mydomain/login
I have read the docs and here and here but I'm left with questions on the exact steps:
Where is the config file to be edited for k8s installations? The docs have
/usr/local/etc/grafana/grafana.ini
and two other paths:
$WORKING_DIR/conf/defaults.ini
/etc/grafana/grafana.ini
Are these the correct variables to set up, or am I missing something else:
enabled
allow_sign_up
idp_metadata, idp_metadata_path, or idp_metadata_url
private_key or private_key_path
idp_metadata, idp_metadata_path or idp_metadata_url -- Where/How do I get this?
private_key or private_key_path -- Where/How do I get this?
The docs state that "For the SAML integration to work correctly, you need to make the IdP aware of the SP". My understanding is that this means establishing a "handshake" between SP (Grafana) and IdP (ADFS) but I'm not sure about where I get the values for:
/saml/metadata endpoint
/saml/acs endpoint
How do I test that the config is working?
Where do I test from? Grafana? ADFS? Or both?
What do I need to set up from the ADFS side?
I have looked at a similar issue on this thread but again it has insufficient detail for what I need and I can see it contains some variables that are no longer in the documentation.