第三方系统通过iframe嵌套集成grafana

具体步骤：

1. 开启允许集成嵌套配置，默认不允许

[security] allow_embedding = true

2. 生成签名验证文件（官网提供三种方式，具体参考官网）

在线生成JWK：https://mkjwk.org/

复制生成的shared key set 到文件jwks.json中
cat jwks.json
{ "keys": [ { "kty": "oct", "use": "sig", "kid": "FCGNjZstuoQZwCXYgCjSwCsHpo1hs9TTfESoOfZYU-M", "k": "ncUW_G8A_kbkF47L6WP6OmUgjiq4cHyRhvg_9KyYbBUPYXaMvaYR29dxky-NiY0uQsP45Y7LfVgyrDfDpV860GgdJgsVPVT5M1ANgVkACucZMF1JDjaFIlWECWgtSkx1BTHYQiOavFI4rIIm09KUoLLBZ9XxmU_ilPFdtV5EUb-dn1QCzJn_Lo7R-0voBfFFYCOnL8tRk07lzaaBMnEtnc1s9EC6qGLHxY2Ivppbihls-GMZCGTbn2C9iYMY4k1EvIjvBn3FcqYlCDj7Zbt3hwMCy9XXZ0hEDKF25maDIA2cTbbC1dPsHcfGl7Jr7K2v3C9VZK45lEj1Wd9Huo7KaQ", "alg": "HS256" } ] }

3. 生成jwt

token加密解密站点：https://jwt.io/

具体参数配置如下，可根据需要修改，注意："your-256-bit-secret"是jwks.json中的“k”的值，不修改使用下面已生成jwt即可
HEADER

{
"alg": "HS256",
"typ": "JWT",
"kid": "FCGNjZstuoQZwCXYgCjSwCsHpo1hs9TTfESoOfZYU-M"
}

PAYLOAD

{
"sub": "hy-dev-user",
"name": "hy-dev-user",
"iat": 1713418413,
"exp": 4869092013,
"iss": "https://my-token-issuer",
"org": "hy",
"role": "Viewer"
}

cat grafana-jwt.txt
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkZDR05qWnN0dW9RWndDWFlnQ2pTd0NzSHBvMWhzOVRUZkVTb09mWllVLU0ifQ.eyJzdWIiOiJoeS1kZXYtdXNlciIsIm5hbWUiOiJoeS1kZXYtdXNlciIsImlhdCI6MTcxMzQxODQxMywiZXhwIjo0ODY5MDkyMDEzLCJpc3MiOiJodHRwczovL215LXRva2VuLWlzc3VlciIsIm9yZyI6Imh5Iiwicm9sZSI6IlZpZXdlciJ9.8NL2dpKjpUp_MzLzyit-388mCMAo0SzCHLLcFJZ1nrY

4. 修改相关配置

cat grafana.ini
[auth.jwt]

enabled = true

header_name = X-JWT-Assertion

role_attribute_path = contains(info.roles[], 'admin') && 'Admin' || contains(info.roles[], 'editor') && 'Editor' || 'Viewer'

jwk_set_file =conf/jwks.json (定义签名验证文件)

expect_claims = {"iss": "https://my-token-issuer", "org": "hy"}

allow_assign_grafana_admin = false

skip_org_role_sync = true

username_claim = sub

email_claim = email

auto_sign_up = true

url_login = true

5. 在现有系统中集成配置

                        <div class="card-body">
                            <iframe src="https://xxx.com/grafana/d/aka/be9e3f56-70f9-509c-9efd-be6e2c0b5292?orgId=1&auth_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkZDR05qWnN0dW9RWndDWFlnQ2pTd0NzSHBvMWhzOVRUZkVTb09mWllVLU0ifQ.eyJzdWIiOiJoeS1kZXYtdXNlciIsIm5hbWUiOiJoeS1kZXYtdXNlciIsImlhdCI6MTcxMzQxODQxMywiZXhwIjo0ODY5MDkyMDEzLCJpc3MiOiJodHRwczovL215LXRva2VuLWlzc3VlciIsIm9yZyI6Imh5Iiwicm9sZSI6IlZpZXdlciJ9.8NL2dpKjpUp_MzLzyit-388mCMAo0SzCHLLcFJZ1nrY" width="100%" scrolling="No" height="730px" frameborder="0">

                            </iframe>
                        </div>