2 — Configuring Rancher for Microsoft AD FS
Available as of v2.0.7
After you complete Configuring Microsoft AD FS for Rancher, enter your AD FS information into Rancher to allow AD FS users to authenticate with Rancher.
Important Notes For Configuring Your AD FS Server:
- The SAML 2.0 WebSSO Protocol Service URL is:
- The Relying Party Trust identifier URL is:
- You must export the
federationmetadata.xmlfile from your AD FS server. This can be found at:
From the Global view, select Security > Authentication from the main menu.
Select Microsoft Active Directory Federation Services.
Complete the Configure AD FS Account form. Microsoft AD FS lets you specify an existing Active Directory (AD) server. The examples below describe how you can map AD attributes to fields within Rancher.
Field Description Display Name Field The AD attribute that contains the display name of users.
User Name Field The AD attribute that contains the user name/given name.
UID Field An AD attribute that is unique to every user.
Groups Field Make entries for managing group memberships.
Rancher API Host The URL for your Rancher Server. Private Key / Certificate This is a key-certificate pair to create a secure shell between Rancher and your AD FS. Ensure you set the Common Name (CN) to your Rancher Server URL.
Certificate creation command
Metadata XML The
federationmetadata.xmlfile exported from your AD FS server.
You can find this file at
Tip: You can generate a certificate using an openssl command. For example:
openssl req -x509 -newkey rsa:2048 -keyout myservice.key -out myservice.cert -days 365 -nodes -subj "/CN=myservice.example.com"
After you complete the Configure AD FS Account form, click Authenticate with AD FS, which is at the bottom of the page.
Rancher redirects you to the AD FS login page. Enter credentials that authenticate with Microsoft AD FS to validate your Rancher AD FS configuration.
Note: You may have to disable your popup blocker to see the AD FS login page.
Result: Rancher is configured to work with MS FS. Your users can now sign into Rancher using their MS FS logins.