Rancher 2.2.8 integration with Pingfederate for SSO

Hello,

I am trying to set the authentication with our idP Pingfederate

I have followed the steps mentioned in the below URL to configure SAML

https://rancher.com/docs/rancher/v2.x/en/admin-settings/authentication/ping-federate/

When i finish my settings, i need to click on “authenticate with ping”

I am redirected on my IDP log on portal, and when i authenticate i am redirect to rancher with this attributes in my SAML request


<saml:Attribute Name=“displayName”
NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”
>
<saml:AttributeValue
xsi:type=“xs:string”
>ALEXANDRE</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name=“groups”
NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”
>
<saml:AttributeValue
xsi:type=“xs:string”
>User</saml:AttributeValue>
<saml:Attribute Name=“userName”
NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”
>
<saml:AttributeValue
xsi:type=“xs:string”
>11111111111</saml:AttributeValue>
</saml:Attribute>

But i cannot log in rancher and i have this error message :

Logging in failed: Your account may not be authorized to log in.

There is no explanations about account rights or something else with the article : Configuring PingIdentity (SAML) on rancher website.

Is there someone who can help us to understand what is waited ?

thanks for any help