authentik/website/integrations/services/rancher/index.md

---
title: Rancher
---

<span class="badge badge--primary">Support level: authentik</span>

## What is Rancher

From https://rancher.com/products/rancher

:::note
An enterprise platform for managing Kubernetes Everywhere
Rancher is a platform built to address the needs of the DevOps teams deploying applications with Kubernetes, and the IT staff responsible for delivering an enterprise-critical service.
:::

## Preparation

The following placeholders will be used:

-   `rancher.company` is the FQDN of the Rancher install.
-   `authentik.company` is the FQDN of the authentik install.

Under _Property Mappings_, create a _SAML Property Mapping_. Give it a name like "SAML Rancher User ID". Set the SAML name to `rancherUidUsername` and the expression to the following

```python
return f"{user.pk}-{user.username}"
```

Create an application in authentik. Set the Launch URL to `https://rancher.company`, as Rancher does not currently support IdP-initiated logins.

Create a SAML provider with the following parameters:

-   ACS URL: `https://rancher.company/v1-saml/adfs/saml/acs`
-   Audience: `https://rancher.company/v1-saml/adfs/saml/metadata`
-   Issuer: `authentik`
-   Service Provider Binding: `Post`
-   Property mappings: Select all default mappings and the mapping you've created above.
-   Signing Certificate: Select the authentik self-signed certificate.

You can of course use a custom signing certificate, and adjust durations.

## Rancher

In Rancher, navigate to _Global_ -> _Security_ -> _Authentication_, and select ADFS.

Fill in the fields

-   Display Name Field: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name`
-   User Name Field: `http://schemas.goauthentik.io/2021/02/saml/username`
-   UID Field: `rancherUidUsername`
-   Groups Field: `http://schemas.xmlsoap.org/claims/Group`

For the private key and certificate, you can either generate a new pair (in authentik, navigate to _Identity & Cryptography_ -> _Certificates_ and select Generate), or use an existing pair.

Copy the metadata from authentik, and paste it in the metadata field.

Click on save to test the authentication.

![](./rancher.png)
Migrate to Docusaurus (#329) * docs: initial migration to docusaurus * website: add custom font, update blurbs and icons * website: update splash * root: update links to docs * flows: use .pbflow extension so docusaurus doesn't mangle the files * e2e: workaround prospector * Squashed commit of the following: commit 1248585dcae5d65ddb8ecc75b76204fd1407c33a Author: Jens Langhammer <jens.langhammer@beryju.org> Date: Sun Nov 15 20:46:53 2020 +0100 e2e: attempt to fix prospector error again commit 1319c480c4c6f86cf0dde91305dea52749c867a3 Author: Jens Langhammer <jens.langhammer@beryju.org> Date: Sun Nov 15 20:41:35 2020 +0100 ci: install previous python version for upgrade testing * web: update accent colours and format * website: format markdown files * website: fix colours for text * website: switch to temporary accent colour to improve readability * flows: fix path for TestTransferDocs * flows: fix formatting of tests 2020-11-15 21:42:02 +00:00			`---`
			`title: Rancher`
			`---`
docs: add rancher integration 2019-12-13 12:53:30 +00:00
website/docs: support levels (#3103) * website/docs: add badges for integration level Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add badge for sources Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-06-15 19:31:34 +00:00			`<span class="badge badge--primary">Support level: authentik</span>`

docs: add harbor integration, cleanup 2019-12-13 14:36:09 +00:00			`## What is Rancher`

			`From https://rancher.com/products/rancher`

Migrate to Docusaurus (#329) * docs: initial migration to docusaurus * website: add custom font, update blurbs and icons * website: update splash * root: update links to docs * flows: use .pbflow extension so docusaurus doesn't mangle the files * e2e: workaround prospector * Squashed commit of the following: commit 1248585dcae5d65ddb8ecc75b76204fd1407c33a Author: Jens Langhammer <jens.langhammer@beryju.org> Date: Sun Nov 15 20:46:53 2020 +0100 e2e: attempt to fix prospector error again commit 1319c480c4c6f86cf0dde91305dea52749c867a3 Author: Jens Langhammer <jens.langhammer@beryju.org> Date: Sun Nov 15 20:41:35 2020 +0100 ci: install previous python version for upgrade testing * web: update accent colours and format * website: format markdown files * website: fix colours for text * website: switch to temporary accent colour to improve readability * flows: fix path for TestTransferDocs * flows: fix formatting of tests 2020-11-15 21:42:02 +00:00			`:::note`
			`An enterprise platform for managing Kubernetes Everywhere`
			`Rancher is a platform built to address the needs of the DevOps teams deploying applications with Kubernetes, and the IT staff responsible for delivering an enterprise-critical service.`
			`:::`
docs: add rancher integration 2019-12-13 12:53:30 +00:00
			`## Preparation`

			`The following placeholders will be used:`

website: format docs with prettier (#2833) * run prettier Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add scim to comparison Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-05-09 19:22:41 +00:00			- `rancher.company` is the FQDN of the Rancher install.
			- `authentik.company` is the FQDN of the authentik install.
docs: add rancher integration 2019-12-13 12:53:30 +00:00
website: format docs with prettier (#2833) * run prettier Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add scim to comparison Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-05-09 19:22:41 +00:00			Under _Property Mappings_, create a _SAML Property Mapping_. Give it a name like "SAML Rancher User ID". Set the SAML name to `rancherUidUsername` and the expression to the following
docs: add rancher integration 2019-12-13 12:53:30 +00:00
docs: update rancher docs and add to affected for update 2021-02-07 14:03:26 +00:00			```python
			`return f"{user.pk}-{user.username}"`
			```

website/integrations: add note for rancher idp initiated Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-07-13 21:14:01 +00:00			Create an application in authentik. Set the Launch URL to `https://rancher.company`, as Rancher does not currently support IdP-initiated logins.

			`Create a SAML provider with the following parameters:`
docs: update rancher docs and add to affected for update 2021-02-07 14:03:26 +00:00
website: format docs with prettier (#2833) * run prettier Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add scim to comparison Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-05-09 19:22:41 +00:00			- ACS URL: `https://rancher.company/v1-saml/adfs/saml/acs`
			- Audience: `https://rancher.company/v1-saml/adfs/saml/metadata`
			- Issuer: `authentik`
			- Service Provider Binding: `Post`
			`- Property mappings: Select all default mappings and the mapping you've created above.`
			`- Signing Certificate: Select the authentik self-signed certificate.`
docs: add rancher integration 2019-12-13 12:53:30 +00:00
docs(index.md): capitalisation & punctuation 2020-06-18 18:55:55 +00:00			`You can of course use a custom signing certificate, and adjust durations.`
docs: add rancher integration 2019-12-13 12:53:30 +00:00
			`## Rancher`

website: format docs with prettier (#2833) * run prettier Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add scim to comparison Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-05-09 19:22:41 +00:00			`In Rancher, navigate to _Global_ -> _Security_ -> _Authentication_, and select ADFS.`
docs: update rancher docs and add to affected for update 2021-02-07 14:03:26 +00:00
			`Fill in the fields`

website: format docs with prettier (#2833) * run prettier Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add scim to comparison Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-05-09 19:22:41 +00:00			- Display Name Field: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name`
			- User Name Field: `http://schemas.goauthentik.io/2021/02/saml/username`
			- UID Field: `rancherUidUsername`
			- Groups Field: `http://schemas.xmlsoap.org/claims/Group`
docs: update rancher docs and add to affected for update 2021-02-07 14:03:26 +00:00
website: format docs with prettier (#2833) * run prettier Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add scim to comparison Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-05-09 19:22:41 +00:00			`For the private key and certificate, you can either generate a new pair (in authentik, navigate to _Identity & Cryptography_ -> _Certificates_ and select Generate), or use an existing pair.`
docs: update rancher docs and add to affected for update 2021-02-07 14:03:26 +00:00
			`Copy the metadata from authentik, and paste it in the metadata field.`

			`Click on save to test the authentication.`

docs: add harbor integration, cleanup 2019-12-13 14:36:09 +00:00			`![](./rancher.png)`