docs: update rancher docs and add to affected for update
This commit is contained in:
parent
bfc8e9200f
commit
9b71b8da5f
|
@ -18,14 +18,36 @@ The following placeholders will be used:
|
||||||
- `rancher.company` is the FQDN of the Rancher install.
|
- `rancher.company` is the FQDN of the Rancher install.
|
||||||
- `authentik.company` is the FQDN of the authentik install.
|
- `authentik.company` is the FQDN of the authentik install.
|
||||||
|
|
||||||
Create an application in authentik and note the slug, as this will be used later. Create a SAML provider with the following parameters:
|
Under *Property Mappings*, create a *SAML Property Mapping*. Give it a name like "SAML Rancher User ID". Set the SAML name to `rancherUidUsername` and the expression to the following
|
||||||
|
|
||||||
|
```python
|
||||||
|
return f"{user.pk}-{user.username}"
|
||||||
|
```
|
||||||
|
|
||||||
|
Create an application in authentik. Create a SAML provider with the following parameters:
|
||||||
|
|
||||||
- ACS URL: `https://rancher.company/v1-saml/adfs/saml/acs`
|
- ACS URL: `https://rancher.company/v1-saml/adfs/saml/acs`
|
||||||
- Audience: `https://rancher.company/v1-saml/adfs/saml/metadata`
|
- Audience: `https://rancher.company/v1-saml/adfs/saml/metadata`
|
||||||
- Issuer: `authentik`
|
- Issuer: `authentik`
|
||||||
|
- Property mappings: Select all default mappings and the mapping you've created above.
|
||||||
|
|
||||||
You can of course use a custom signing certificate, and adjust durations.
|
You can of course use a custom signing certificate, and adjust durations.
|
||||||
|
|
||||||
## Rancher
|
## Rancher
|
||||||
|
|
||||||
|
In Rancher, navigate to *Global* -> *Security* -> *Authentication*, and select ADFS.
|
||||||
|
|
||||||
|
Fill in the fields
|
||||||
|
|
||||||
|
- Display Name Field: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name`
|
||||||
|
- User Name Field: `http://schemas.goauthentik.io/2021/02/saml/username`
|
||||||
|
- UID Field: `rancherUidUsername`
|
||||||
|
- Groups Field: `http://schemas.xmlsoap.org/claims/Group`
|
||||||
|
|
||||||
|
For the private key and certificate, you can either generate a new pair (in authentik, navigate to *Identity & Cryptography* -> *Certificates* and select Generate), or use an existing pair.
|
||||||
|
|
||||||
|
Copy the metadata from authentik, and paste it in the metadata field.
|
||||||
|
|
||||||
|
Click on save to test the authentication.
|
||||||
|
|
||||||
![](./rancher.png)
|
![](./rancher.png)
|
||||||
|
|
Binary file not shown.
Before Width: | Height: | Size: 549 KiB After Width: | Height: | Size: 320 KiB |
|
@ -44,10 +44,11 @@ Due to the switch to managed objects, some default property mappings are changin
|
||||||
The change affects the "SAML Name" property, which has been changed from an oid to a Schema URI to aid readability.
|
The change affects the "SAML Name" property, which has been changed from an oid to a Schema URI to aid readability.
|
||||||
|
|
||||||
The integrations affected are:
|
The integrations affected are:
|
||||||
- [NextCloud](/docs/integrations/services/nextcloud/index)
|
|
||||||
- [Sentry](/docs/integrations/services/sentry/index)
|
|
||||||
- [GitLab](/docs/integrations/services/gitlab/index)
|
|
||||||
- [Ansible Tower/AWX](/docs/integrations/services/awx-tower/index)
|
- [Ansible Tower/AWX](/docs/integrations/services/awx-tower/index)
|
||||||
|
- [GitLab](/docs/integrations/services/gitlab/index)
|
||||||
|
- [NextCloud](/docs/integrations/services/nextcloud/index)
|
||||||
|
- [Rancher](/docs/integrations/services/rancher/index)
|
||||||
|
- [Sentry](/docs/integrations/services/sentry/index)
|
||||||
|
|
||||||
### docker-compose
|
### docker-compose
|
||||||
|
|
||||||
|
|
Reference in New Issue