Fixed SSO grafana authentication

bootstrap.yml

@@ -110,3 +110,15 @@
       client_authenticator_type: client-secret
       id: a6960246-4aa9-495f-8843-69d664dba0ea
       secret: "{{ grafana_kc_client_secret }}"
+
+  - name: Updating ca certificates of Grafana container
+    community.docker.docker_container_exec:
+      user: 0
+      command: update-ca-certificates
+      container: infra-grafana
+
+  - name: Restarting grafana container
+    community.docker.docker_container:
+      name: infra-grafana
+      state: started
+      restart: true

templates/compose.yml

@@ -59,7 +59,7 @@ services:
       - grafana-storage:/var/lib/grafana
       - type: bind
         source: ./grafana/mforcen.crt
-        target: /etc/ssl/mforcen.crt
+        target: /usr/local/share/ca-certificates/mforcen.crt
       - type: bind
         source: ./grafana/ssl
         target: /ssl
@@ -86,6 +86,7 @@ services:
       GF_AUTH_GENERIC_OAUTH_ENABLED: true
       GF_AUTH_GENERIC_OAUTH_CLIENT_ID: grafana
       GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: {{ grafana_kc_client_secret }}
+      GF_AUTH_GENERIC_OAUTH_SCOPES: openid email profile offline_access roles
       GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH: email
       GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH: username
       GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH: full_name