Grafana + SAML failure: Failed to save the SAML received information

1

I tried setting up Managed Grafana, and used our corporate Active Directory as the IdP. As far as anyone can tell, the request to AD is authorized; the AD logs show that it succeeds. I click on "Sign in with SAML", go through the AD login with 2FA, but the grafana login fails with the message "Failed to save the SAML received information" SAML failure.

Looking at the Network tab of the developer tools, the failure is in "writer", whatever that is:

    Request URL: https://g-4214ebe32a.grafana-workspace.us-east-2.amazonaws.com/api/recording-rules/writer
    Request Method: GET
    Status Code: 401 Unauthorized
    Remote Address: 3.137.70.86:443
    Referrer Policy: strict-origin-when-cross-origin

As far as I can tell, I have followed https://aws.amazon.com/blogs/mt/amazon-managed-grafana-supports-direct-saml-integration-with-identity-providers/ to the letter. https://docs.aws.amazon.com/grafana/latest/userguide/security_iam_troubleshoot.html is not of any help either.

I have many skills, but Microsoft AD magic spells is not one of them. Help?

Thanks,

/ji

2 Answers
0

Am I correct that you are using Azure Active Directory?
Have you reviewed the following documents?
https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/amazon-managed-grafana-tutorial

Basically, if you have followed the steps in the following document, there should be no problem on the AWS side.
https://docs.aws.amazon.com/grafana/latest/userguide/AMG-SAML-providers-Azure.html

EXPERT
answered 10 months ago
  • I am following the instructions to the letter. I looked at the browser (Chrome) developer tools, and what is failing is a call to https://g-XXXXXXXXXX.grafana-workspace.us-east-1.amazonaws.com/api/recording-rules/writer with the following information:

    Request Method: GET
    Status Code: 401 Unauthorized
    Remote Address: 44.197.41.214:443

    The role under which grafana is running has grafana:* in the actions, and "*" in the resources! How much more permissive can it get?

0

Hello @ji, I'm having the same issue. Did you solve your issue?

mt
answered 3 months ago
