This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Rancher & SSO Integration returning 403 error

Go to solution
paul_user
Novitiate II

‎05-09-2024 07:42 PM - edited ‎05-13-2024 02:01 PM

I am attempting to setup Rancher & SSO Integration following the instructions on https://jumpcloud.com/support/integrate-with-rancher in "To Configure Rancher" step 5.

I login to JumpCloud as prompted, login succeeds, then Rancher returns a 403 and the message "Logging in failed: Your account may not be authorized to log in." 

Anyone else seen this or have an idea on how to debug?

Rancher v2.7.6

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
paul_user
Novitiate II

‎05-10-2024 07:15 PM

After some help from Support and a bit of trial and error. These are the settings that got me working:

 

To setup : JumpCloud
 
Add SSO Application as "Custom SAML App - SAML 2.0"
IdP Entity ID: "Rancher" or something else that is unique
 
SP Entity ID: https://<rancher-domain>/v1-saml/adfs/saml/metadata
ACS URL: https://<rancher-domain>/v1-saml/adfs/saml/acs
SAMLSubject Name ID: username
SAMLSubject NameID format:  urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified 
User attributes: 
username -> username
fullname -> fullname
uid -> uid (Custom User or Group Attribute)
Check "Declare Redirect Endpoint"
Generate your own Pub/Private certificate and upload those to:
IDp Certificate & IDp Private Key
Add a user group you are a part of to the Application.
Save Settings
Open and Export Metadata.
 
Configure Rancher
Select "AD FS".
Display Name Field: fullname
User Name Field: username
UID Field: uid
Groups Field: memberOf
Rancher API Host: https://<rancher-fully-qualified-domain>;
Upload Private and Certificate created above.
Upload Metadata
Click Enable
Authenticate with your company JumpCloud creds.

View solution in original post

0 Kudos
3 REPLIES 3

Go to solution
urvashi
Community Manager Community Manager
Community Manager

‎05-10-2024 09:39 AM

Hi @paul_user for debugging it would be best to get in touch with support. They can work with you to look through logs etc and will make sure the issue is resolved. 

0 Kudos

Go to solution
paul_user
Novitiate II
In response to urvashi

‎05-10-2024 02:45 PM

Thank you and I have been, but they are not sure why its not working. Which is why I am also asking here. 

0 Kudos

Go to solution
paul_user
Novitiate II

‎05-10-2024 07:15 PM

After some help from Support and a bit of trial and error. These are the settings that got me working:

 

To setup : JumpCloud
 
Add SSO Application as "Custom SAML App - SAML 2.0"
IdP Entity ID: "Rancher" or something else that is unique
 
SP Entity ID: https://<rancher-domain>/v1-saml/adfs/saml/metadata
ACS URL: https://<rancher-domain>/v1-saml/adfs/saml/acs
SAMLSubject Name ID: username
SAMLSubject NameID format:  urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified 
User attributes: 
username -> username
fullname -> fullname
uid -> uid (Custom User or Group Attribute)
Check "Declare Redirect Endpoint"
Generate your own Pub/Private certificate and upload those to:
IDp Certificate & IDp Private Key
Add a user group you are a part of to the Application.
Save Settings
Open and Export Metadata.
 
Configure Rancher
Select "AD FS".
Display Name Field: fullname
User Name Field: username
UID Field: uid
Groups Field: memberOf
Rancher API Host: https://<rancher-fully-qualified-domain>;
Upload Private and Certificate created above.
Upload Metadata
Click Enable
Authenticate with your company JumpCloud creds.
0 Kudos
You Might Like

New to the site? Take a look at these additional resources:

Community created scripts

Keep up with Product News

Read our community guidelines

Ready to join us? You can register here.