Authentik + Grafana SSO: Complete Setup & 11 Things That Broke скачать в хорошем качестве

Authentik + Grafana SSO: Complete Setup & 11 Things That Broke

Deploying Authentik as an OIDC provider for Grafana across separate VLANs — and every issue that happened along the way. This isn't a clean walkthrough where everything works on the first try. It's the real deployment: 11 failures, the diagnostic reasoning behind each fix, and the security trade-offs you actually have to make. This video covers the full stack: Authentik (VLAN 80), Grafana + Prometheus + 3 exporters (VLAN 75), OAuth2/OIDC wiring, group-based role mapping, Docker Compose for both stacks, and the debugging commands that saved hours of guessing. The companion blog post with every config block, compose file, and troubleshooting command: https://oobskulden.com/2026/02/authentik--... CHAPTERS 00:00 Introduction 00:42 Homelab Network Architecture — Two-VLAN Design 02:22 Authentik Server — Docker Install on Debian 13 06:10 PostgreSQL Password and Secret Key — Environment Variables 08:42 Authentik Docker Compose Install 11:56 Authentik Troubleshooting — Initialization and Password Validation 16:08 Grafana, Prometheus, and Node Exporter — Docker Compose Setup 20:20 Prometheus Troubleshooting — Initialization Fix 21:17 Authentik OAuth2 Provider — OIDC Configuration for Grafana 27:14 Authentik to Grafana — First SSO Login 28:07 Grafana Troubleshooting — Client Secret 128-Character Requirement 31:27 Grafana Troubleshooting — Sign Up Is Turned Off Fix 33:11 Authentik Users and Groups — Role-Based Access Setup 39:19 Grafana — Adding Prometheus Data Source 40:33 Wrap-Up -- THE 11 THINGS THAT BROKE -- 1. Django SECRET_KEY Warning (W009) 2. "Flow Does Not Apply to Current User" 3. Database Lock Hang 4. Environment Variable Name Mismatch 5. Prometheus Mount Error 6. OAuth Button Missing from Grafana Login 7. Redirect URI Error (Grafana Sends Localhost) 8. TLS Certificate Rejection (x509 IP SAN) 9. Client Secret Mismatch (Off by One) 10. "Sign Up Is Disabled" 11. User Sync Failed (Test Data Pollution) -- SERIES -- Part 1: Build & Setup (this video) Part 2: Vulnerability Assessment — 15 findings and Hardening in 90 minutes -- RESOURCES -- Blog post (full configs): https://oobskulden.com/posts/authentik-gra... Vulnerability assessment: https://oobskulden.com/posts/grafana-monit... Hardening guide: https://oobskulden.com/posts/grafana-monit... Authentik docs: https://docs.goauthentik.io/ Grafana OAuth docs: https://grafana.com/docs/grafana/latest/se... Authentik-Grafana integration guide: https://docs.goauthentik.io/integrations/s... -- TOOLS USED -- Authentik 2025.12.3 | Grafana 12.3.2 | Prometheus | Docker Compose Node Exporter | cAdvisor | Blackbox Exporter | Debian 13 #authentik #grafana #sso #oauth #oidc #docker #homelab #monitoring #prometheus #security #selfhosted #devops #cybersecurity #identitymanagement Published by Oob Skulden™ — Stay Paranoid.