ssveta7ak
@desimone, @kenjenkins `GF_AUTH_DISABLE_LOGIN_FORM=true` doesn't help. The IdP login still doesn't work. Without this parameter, it's impossible to log into Grafana.
Logs:

```
grafana_core-pomerium-1 | {"level":"info","service":"authorize","request-id":"5318e70e-028d-4824-b605-50093150f5dd","check-request-id":"5318e70e-028d-4824-b605-50093150f5dd","method":"GET","path":"/","host":"grafana.localhost.pomerium.io","query":"","ip":"172.23.0.1","session-id":"8b05c98c-a488-4e54-88c4-fea3a1365fa7","allow":true,"allow-why-true":["domain-ok"],"deny":false,"deny-why-false":["valid-client-certificate-or-none-required"],"user":"google-oauth2|104583909997507305030","email":"[email protected]","time":"2023-08-15T18:42:08Z","message":"authorize check"}
grafana_core-grafana-1 | logger=context t=2023-08-15T18:42:08.466371111Z level=warn msg="Invalid JWT" error="Get \"https://grafana.localhost.pomerium.io/.well-known/pomerium/jwks.json\": tls: failed to verify certificate: x509: certificate signed by unknown authority"...
```
Currently, the **Core** and **Console** offer the following operators for the Client Certificates policy criteria:

- fingerprint
- spki_hash
- san_email
- san_dns
- san_uri
Implemented. Checked on Core v0.26.0-40-g9fe646f2 + 9fe646f Enterprise 0.26.1-1721416687 + cb0a578 + 2024-07-19T03:47:24 + 01:00
Implemented. Checked on pomerium: 0.26.0-1715969560+adb5f781
Implemented. Works as expected. Checked on Core v0.25.0-147-g568e99fd + 568e99fd