2020-11-15 21:42:02 +00:00
---
title: Rancher
---
2019-12-13 12:53:30 +00:00
2022-06-15 19:31:34 +00:00
< span class = "badge badge--primary" > Support level: authentik< / span >
2019-12-13 14:36:09 +00:00
## What is Rancher
2023-07-31 10:16:58 +00:00
> An enterprise platform for managing Kubernetes Everywhere
> Rancher is a platform built to address the needs of the DevOps teams deploying applications with Kubernetes, and the IT staff responsible for delivering an enterprise-critical service.
>
> -- https://rancher.com/products/rancher
2019-12-13 12:53:30 +00:00
## Preparation
The following placeholders will be used:
2022-05-09 19:22:41 +00:00
- `rancher.company` is the FQDN of the Rancher install.
- `authentik.company` is the FQDN of the authentik install.
2019-12-13 12:53:30 +00:00
2022-10-14 13:38:56 +00:00
Under _Customization_ -> _Property Mappings_ , create a _SAML Property Mapping_ . Give it a name like "SAML Rancher User ID". Set the SAML name to `rancherUidUsername` and the expression to the following
2019-12-13 12:53:30 +00:00
2021-02-07 14:03:26 +00:00
```python
return f"{user.pk}-{user.username}"
```
2022-07-13 21:14:01 +00:00
Create an application in authentik. Set the Launch URL to `https://rancher.company` , as Rancher does not currently support IdP-initiated logins.
Create a SAML provider with the following parameters:
2021-02-07 14:03:26 +00:00
2022-05-09 19:22:41 +00:00
- ACS URL: `https://rancher.company/v1-saml/adfs/saml/acs`
- Audience: `https://rancher.company/v1-saml/adfs/saml/metadata`
- Issuer: `authentik`
- Service Provider Binding: `Post`
- Property mappings: Select all default mappings and the mapping you've created above.
- Signing Certificate: Select the authentik self-signed certificate.
2019-12-13 12:53:30 +00:00
2020-06-18 18:55:55 +00:00
You can of course use a custom signing certificate, and adjust durations.
2019-12-13 12:53:30 +00:00
## Rancher
2022-05-09 19:22:41 +00:00
In Rancher, navigate to _Global_ -> _Security_ -> _Authentication_ , and select ADFS.
2021-02-07 14:03:26 +00:00
Fill in the fields
2022-05-09 19:22:41 +00:00
- Display Name Field: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name`
- User Name Field: `http://schemas.goauthentik.io/2021/02/saml/username`
- UID Field: `rancherUidUsername`
- Groups Field: `http://schemas.xmlsoap.org/claims/Group`
2021-02-07 14:03:26 +00:00
2022-05-09 19:22:41 +00:00
For the private key and certificate, you can either generate a new pair (in authentik, navigate to _Identity & Cryptography_ -> _Certificates_ and select Generate), or use an existing pair.
2021-02-07 14:03:26 +00:00
Copy the metadata from authentik, and paste it in the metadata field.
Click on save to test the authentication.
2019-12-13 14:36:09 +00:00
