Support for SAML via Shibboleth?

Hi folks,

Shibboleth is widely used at universities & government research institutions to implement identity management via SAML.

Does Rancher 2.x support Shibboleth as a SAML provider? The documentation mentions Keycloak & PingIdentity, but not Shibboleth.

Does anyone have a guide to configure Rancher to work with Shibboleth or a generic SAML provider?

-= Stefan

@Stefan_Lasiewski I am looking for the same support and have came to the same roadblock as you.

Currently our work around is to set up SSO with GitHub Enterprise then enable GitHub authentication on Rancher.

There is an enhancement ticket on their GitHub page. https://github.com/rancher/rancher/issues/19776

1 Like

Hi @amtsai,

We are still pursuing this as well. If you have a support contract, please contact Rancher Support and ask for this feature. It will help them to prioritize the feature appropriately.

-= Stefan

Rancher supports several SAML providers:

In Rancher v1.6, we encouraged our SAML users to use Shibboleth, as it was the only SAML authentication option we offered. However, to better support their minor differences, we’ve added more fully tested SAML providers for v2.x: Ping Identity, Microsoft ADFS, and FreeIPA.

https://rancher.com/docs/rancher/v2.x/en/v1.6-migration/get-started/

@catherineluse They know that, but Shibboleth is not one of them (in 2.x).