Hi folks!
Congrats on all the new features. The Rancher community is growing fast and Rancher is becoming THE alternative to paid and proprietary solutions such as Docker Cloud, and is also more user-friendly.
I am trying to set up Shibboleth auth in order to integrate an SSO solution across all the services deployed using Rancher, including Rancher itself.
I am using Wso2IS, and in order to set up SAML as an identity provider I need to know many details about the service provider (Rancher) that I cannot find on Rancher's access control page.
Has anybody configured Shibboleth as authorization for Rancher and is able to help me move forward with this issue?
What do you need to know? But we call it “Shibboleth” and not “SAML” specifically because we only test that implementation and expect there would likely be changes needed to work with others (having learned this from calling AD support “LDAP”…).
You also need to release the SAML attributes to Rancher’s SP, by changing
/opt/shibboleth-idp/conf/attribute-filter.xml
[https://wiki.shibboleth.net/confluence/display/IDP30/AttributeFilterConfiguration]
Here you need to add another rule into the <PolicyRequirementRule>: <Rule xsi:type="Requester" value="http://rancher_ip:rancher_port/v1-auth/saml/metadata" />, with your Rancher setup’s IP address.
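
For reference, this is how the rule described above sits inside a complete policy in attribute-filter.xml, using Shibboleth IdP v3 filter syntax. It is an added example, not part of the original posts; the policy id and the released attribute IDs (uid, mail) are assumptions and have to match attributes defined in your own attribute-resolver.xml.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
        xmlns="urn:mace:shibboleth:2.0:afp"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd">

    <!-- Policy id is a hypothetical name chosen for this example. -->
    <AttributeFilterPolicy id="releaseToRancher">

        <!-- The policy applies only when the requesting SP's entityID matches
             one of these rules. The value is compared as an exact string, so
             it must be identical to the entityID in Rancher's SP metadata
             (scheme, host, port and path). -->
        <PolicyRequirementRule xsi:type="OR">
            <!-- Placeholder from the post: substitute your Rancher address. -->
            <Rule xsi:type="Requester"
                  value="http://rancher_ip:rancher_port/v1-auth/saml/metadata" />
            <!-- Further SPs that should receive the same attributes get
                 their own Requester rule here. -->
        </PolicyRequirementRule>

        <!-- Attributes released to the matching SP. uid and mail are assumed
             attribute IDs; list only the ones Rancher is configured to read,
             so nothing else about the user leaves the IdP. -->
        <AttributeRule attributeID="uid">
            <PermitValueRule xsi:type="ANY" />
        </AttributeRule>
        <AttributeRule attributeID="mail">
            <PermitValueRule xsi:type="ANY" />
        </AttributeRule>

    </AttributeFilterPolicy>
</AttributeFilterPolicyGroup>
```

Scoping the policy with Requester rules, rather than a PolicyRequirementRule of type ANY, keeps these attributes from being released to every SP the IdP trusts.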