freezing-hairdresser-79403

05/02/2023, 10:37 AM
Can Rancher be configured with an external identity provider using environment variables? `extraEnv` section in the deploy k8s object

agreeable-oil-87482

05/02/2023, 12:40 PM
As in, use environment variables to configure an external auth provider? No.

freezing-hairdresser-79403

05/02/2023, 12:41 PM
Yes
Like Azure AD

agreeable-oil-87482

05/02/2023, 12:42 PM
Not with env variables alone, no.

freezing-hairdresser-79403

05/02/2023, 12:46 PM
What do you mean by `env variables alone`? Using the `extraEnv` section is not enough? Should I make other requests to the Rancher API?

agreeable-oil-87482

05/02/2023, 12:48 PM
There's only specific options that are influenced by env variables, the only one I've really seen is `CATTLE_TLS_MIN_VERSION`/`CATTLE_TLS_CIPHERS` for the docker install version
You should be setting configs like the auth provider using Terraform
You could try and create the underlying auth provider config type directly and post this to the apiserver of the k8s cluster running Rancher, but it's not currently supported

freezing-hairdresser-79403

05/02/2023, 1:06 PM
Thank you for providing the details. I believe it may be possible to configure an external auth provider using the API.
@agreeable-oil-87482 Hi! I attempted to set up Azure AD authentication with Rancher by making a `curl` request to the API endpoint `RANCHER_URL/v3/azureADConfigs/azuread` with the necessary Azure AD configuration details in the request payload. The configuration was successfully activated, but authentication for any Azure AD user is not working as expected.
However, when I configured Azure AD authentication in Rancher using the Rancher UI, I was prompted to authenticate with Azure AD, and only upon successful authentication was the activation successful.

agreeable-oil-87482

05/02/2023, 5:23 PM
Not working as expected in what way?

freezing-hairdresser-79403

05/02/2023, 5:24 PM
Not working as expected, that means I can't authenticate any AD user

agreeable-oil-87482

05/02/2023, 5:25 PM
Did you configure so any user can login?
Or only explicit users?

freezing-hairdresser-79403

05/02/2023, 5:26 PM
I think you ask for this attribute: `"accessMode": "unrestricted"`

agreeable-oil-87482

05/02/2023, 5:27 PM
Please show what it states in the UI for the Auth config and scope

freezing-hairdresser-79403

05/02/2023, 5:42 PM
I solved my issue, thank you a lot. I missed adding the following fields in the payload of my PUT request:
• Graph Endpoint
• Auth Endpoint
• Token Endpoint