Authentication with unsupported SAML provider

#1

Is it possible to use a SAML provider for authentication that is not officially supported? Rancher seems to support PingIdentity and Keycloak on this side, but shouldn’t this, in theory, work for any other provider that implements the SAML protocol?

#2

Yes, it’s just not tested/validated/supported. See https://mattslifebytes.com/2018/08/15/using-okta-and-other-saml-idps-with-rancher-2-0/ for a reference.

#3

Hi, our enterprise uses OpenAM as its SAML provider, and I am trying to follow this link ( https://mattslifebytes.com/2018/08/15/using-okta-and-other-saml-idps-with-rancher-2-0/ ) to configure it.
However, it is not successful. How does Rancher pass the unique identifier? I received all the claims the Rancher site is asking for, as well as the metadata. I kept getting an HTTP 500 error and SAML is not valid.
After we parsed the SAML link, it seems like valid SAML data is passed. We believe that somewhere Rancher is not handshaking well with our SAML provider.

Any suggestions?