Rancher 2.1 integration with Pingfederate for SSO

Hi,

We are using Rancher 2.1 and we are trying to integrate with PingFederate (IdP) for SSO. I have followed the steps mentioned in the URL below to configure SAML:

https://rancher.com/docs/rancher/v2.x/en/admin-settings/authentication/ping-federate/

Also, in PingFederate (IdP) we created an SP connection, but PingFederate expects an SP (Rancher) metadata URL to load the SP details. As per the details mentioned in this URL “https://gist.github.com/mrajashree/4860a729aa9b4a87ae3506793afbc4a4”, the SP metadata URL is https://host:port/v3-auth/saml/metadata.

But the output of the above URL is not the actual metadata (it is just an HTML page with API URL links). Do we need any additional setting in the Rancher configuration to enable metadata?

Please let us know how to get the SP metadata.

We want to explore other options as well, like reverse proxy approach.

Does Rancher support reverse-proxy header-based authentication?

Thanks & Regards,
Ravi.

I am having the same chicken-and-egg situation trying to integrate a non-listed SAML IdP. My IdP requires the metadata.xml to complete the configuration, but Rancher won’t expose the metadata until it has successfully authed. I am unable to save the Rancher SAML config without a successful test first.
Any way around this?

Replying to myself: if you click “test auth”, THEN you can download the Rancher metadata. Working now :slight_smile:
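Added example (not from this thread or from Rancher): a small check for what the SP metadata endpoint actually returned, so the HTML-page case described above is recognised before the document is handed to the IdP. Real SAML metadata is an `md:EntityDescriptor` with an `SPSSODescriptor`; the check pulls out the entityID, the AssertionConsumerService endpoints and whether a signing certificate is published. The two sample responses and the `rancher.example.com` hostname are constructed.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"   # SAML 2.0 metadata namespace
DS = "http://www.w3.org/2000/09/xmldsig#"     # XML-DSig namespace (certificates)


def inspect_sp_metadata(body: str) -> dict:
    """Classify a response fetched from the SP metadata URL.

    'kind' is 'html' (a web page, not metadata), 'other' (unparseable or not
    SP metadata) or 'metadata'; for metadata the IdP-relevant fields follow.
    """
    head = body.lstrip()[:32].lower()
    if head.startswith("<!doctype html") or head.startswith("<html"):
        return {"kind": "html"}
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return {"kind": "other"}
    sp = root.find(f"{{{MD}}}SPSSODescriptor")
    if root.tag != f"{{{MD}}}EntityDescriptor" or sp is None:
        return {"kind": "other"}
    acs = [(e.get("Binding"), e.get("Location"))
           for e in sp.findall(f"{{{MD}}}AssertionConsumerService")]
    # A KeyDescriptor without 'use' covers both signing and encryption.
    has_cert = any(kd.get("use") in (None, "signing")
                   and kd.find(f".//{{{DS}}}X509Certificate") is not None
                   for kd in sp.findall(f"{{{MD}}}KeyDescriptor"))
    return {"kind": "metadata", "entity_id": root.get("entityID"), "acs": acs,
            "has_signing_cert": has_cert,
            "signs_requests": sp.get("AuthnRequestsSigned") == "true"}


# Constructed sample: the HTML API index the thread describes seeing.
HTML_PAGE = '<!DOCTYPE html><html><body><a href="/v3-auth/saml">saml</a></body></html>'

# Constructed sample: what genuine SP metadata looks like (certificate is a placeholder).
SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}"
  entityID="https://rancher.example.com/v3-auth/saml/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIB...PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://rancher.example.com/v3-auth/saml/acs" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(inspect_sp_metadata(HTML_PAGE))    # {'kind': 'html'}
    print(inspect_sp_metadata(SP_METADATA))  # kind 'metadata' with entityID, ACS, cert flags
```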