habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
582812b3ec5df24a556f41e76b925647788038e2
authentik/docs/integrations/hypervisors-orchestrators/rancher/index.md
Teffen Ellis 582812b3ec website: Flesh out docs split. 
website: Copy files during build.

website: Allow for mixed env builds.

website: Reduce build size.

website: Expose build.

website: Add build memory debugging.

WIP: Disable broken links check to compare memory usage.

website: Update deps.

website: Clean up API paths.

website: Flesh out 3.8 fixes.

Format.

website: Update ignore paths.

Website: Clean up integrations build.

website: Fix paths.

website: Optimize remark.

website: Update deps.

website: Format.

website: Remove linking.

website: Fix paths.

wip: Attempt API only build.

Prep.

Migrate render to runtime. Tidy sidebar.

Clean up templates.

docs: Move directory. WIP

docs: Flesh out split.

website: Fix issue where routes have collisions.
2025-07-01 21:53:19 +02:00

2.3 KiB
Raw Blame History

title, sidebar_label, support_level
title sidebar_label support_level
Integrate with Rancher Rancher authentik

What is Rancher

An enterprise platform for managing Kubernetes Everywhere Rancher is a platform built to address the needs of the DevOps teams deploying applications with Kubernetes, and the IT staff responsible for delivering an enterprise-critical service.

-- https://rancher.com/products/rancher

Preparation

The following placeholders are used in this guide:

  • rancher.company is the FQDN of the Rancher installation.
  • authentik.company is the FQDN of the authentik installation.

:::note This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application. :::

Under Customization -> Property Mappings, create a SAML Property Mapping. Give it a name like "SAML Rancher User ID". Set the SAML name to rancherUidUsername and the expression to the following

return f"{user.pk}-{user.username}"

Create an application in authentik. Set the Launch URL to https://rancher.company, as Rancher does not currently support IdP-initiated logins.

Create a SAML provider with the following parameters:

  • ACS URL: https://rancher.company/v1-saml/adfs/saml/acs
  • Audience: https://rancher.company/v1-saml/adfs/saml/metadata
  • Issuer: authentik
  • Service Provider Binding: Post
  • Property mappings: Select all default mappings and the mapping you've created above.
  • Signing Certificate: Select the authentik self-signed certificate.

You can of course use a custom signing certificate, and adjust durations.

Rancher

In Rancher, navigate to Global -> Security -> Authentication, and select ADFS.

Fill in the fields

  • Display Name Field: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
  • User Name Field: http://schemas.goauthentik.io/2021/02/saml/username
  • UID Field: rancherUidUsername
  • Groups Field: http://schemas.xmlsoap.org/claims/Group

For the private key and certificate, you can either generate a new pair (in authentik, navigate to Identity & Cryptography -> Certificates and select Generate), or use an existing pair.

Copy the metadata from authentik, and paste it in the metadata field.

Click on save to test the authentication.