cancel
Showing results for 
Search instead for 
Did you mean: 

Rancher & SSO Integration returning 403 error

paul_user
Novitiate II

I am attempting to setup Rancher & SSO Integration following the instructions on https://jumpcloud.com/support/integrate-with-rancher in "To Configure Rancher" step 5.

I login to JumpCloud as prompted, login succeeds, then Rancher returns a 403 and the message "Logging in failed: Your account may not be authorized to log in." 

Anyone else seen this or have an idea on how to debug?

Rancher v2.7.6

1 ACCEPTED SOLUTION

paul_user
Novitiate II

After some help from Support and a bit of trial and error. These are the settings that got me working:

 

To setup : JumpCloud
 
Add SSO Application as "Custom SAML App - SAML 2.0"
IdP Entity ID: "Rancher" or something else that is unique
 
SP Entity ID: https://<rancher-domain>/v1-saml/adfs/saml/metadata
ACS URL: https://<rancher-domain>/v1-saml/adfs/saml/acs
SAMLSubject Name ID: username
SAMLSubject NameID format:  urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified 
User attributes: 
username -> username
fullname -> fullname
uid -> uid (Custom User or Group Attribute)
Check "Declare Redirect Endpoint"
Generate your own Pub/Private certificate and upload those to:
IDp Certificate & IDp Private Key
Add a user group you are a part of to the Application.
Save Settings
Open and Export Metadata.
 
Configure Rancher
Select "AD FS".
Display Name Field: fullname
User Name Field: username
UID Field: uid
Groups Field: memberOf
Rancher API Host: https://<rancher-fully-qualified-domain>;
Upload Private and Certificate created above.
Upload Metadata
Click Enable
Authenticate with your company JumpCloud creds.

View solution in original post

3 REPLIES 3

urvashi
Community Manager Community Manager
Community Manager

Hi @paul_user for debugging it would be best to get in touch with support. They can work with you to look through logs etc and will make sure the issue is resolved. 

Thank you and I have been, but they are not sure why its not working. Which is why I am also asking here. 

paul_user
Novitiate II

After some help from Support and a bit of trial and error. These are the settings that got me working:

 

To setup : JumpCloud
 
Add SSO Application as "Custom SAML App - SAML 2.0"
IdP Entity ID: "Rancher" or something else that is unique
 
SP Entity ID: https://<rancher-domain>/v1-saml/adfs/saml/metadata
ACS URL: https://<rancher-domain>/v1-saml/adfs/saml/acs
SAMLSubject Name ID: username
SAMLSubject NameID format:  urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified 
User attributes: 
username -> username
fullname -> fullname
uid -> uid (Custom User or Group Attribute)
Check "Declare Redirect Endpoint"
Generate your own Pub/Private certificate and upload those to:
IDp Certificate & IDp Private Key
Add a user group you are a part of to the Application.
Save Settings
Open and Export Metadata.
 
Configure Rancher
Select "AD FS".
Display Name Field: fullname
User Name Field: username
UID Field: uid
Groups Field: memberOf
Rancher API Host: https://<rancher-fully-qualified-domain>;
Upload Private and Certificate created above.
Upload Metadata
Click Enable
Authenticate with your company JumpCloud creds.
You Might Like

New to the site? Take a look at these additional resources:

Community created scripts

Keep up with Product News

Read our community guidelines

Ready to join us? You can register here.