From 68e55131b5e02340e577dd88358624f9e9310cfb Mon Sep 17 00:00:00 2001
From: Quang Khai Nguyen <qngkhai.nguyen@gmail.com>
Date: Sat, 18 Apr 2026 21:51:27 +0200
Subject: [PATCH] FIX SSO Login setting from Grafana

---
 prometheus/grafana/config.monitoring | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/prometheus/grafana/config.monitoring b/prometheus/grafana/config.monitoring
index cc86ec6..a87a6f9 100644
--- a/prometheus/grafana/config.monitoring
+++ b/prometheus/grafana/config.monitoring
@@ -4,14 +4,22 @@ GF_AUTH_DISABLE_LOGIN_FORM=true
 
 GF_AUTH_GENERIC_OAUTH_ENABLED=true
 GF_AUTH_GENERIC_OAUTH_NAME=Authelia
-GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=false
+GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=true
 GF_AUTH_GENERIC_OAUTH_CLIENT_ID=grafana
-GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=<grafana-client-secret-raw>
-GF_AUTH_GENERIC_OAUTH_SCOPES=openid profile email
+GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=VeNuocNuocVe26!
+GF_AUTH_GENERIC_OAUTH_SCOPES="openid profile email"
+GF_AUTH_GENERIC_OAUTH_USE_ID_TOKEN=true
 
 GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://auth.quangkhai.ch/api/oidc/authorization
 GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://auth.quangkhai.ch/api/oidc/token
 GF_AUTH_GENERIC_OAUTH_API_URL=https://auth.quangkhai.ch/api/oidc/userinfo
 
-GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE=email
-GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE=name
\ No newline at end of file
+# 2. Map the ID (used for login)
+# Many OIDC providers use 'preferred_username' or 'sub'
+GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH=preferred_username
+
+# 3. Map the Email
+GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH=email
+
+# 4. Map the Name (optional, but good for profile)
+GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=name
\ No newline at end of file