08/30/2022, 1:16 PM
Working on Rancher to set up ADFS authentication using JumpCloud as IdP. So authentication is working but every user has admin rights!?? It's not the first time I've set up this kind of authentication and it was always OK and working nicely with group membership and access permissions, but in this case it's fully not working correctly. Does anyone have similar experience with the ADFS plugin or JumpCloud IdP?


08/30/2022, 5:06 PM
I believe you can change this default behavior... For my ADFS setup, I have "Standard User" set as "New User Default". Click on the 3 horizontal bars on the top left, select Users & Authentication, then select Roles. What role do you have selected as "New User Default"?


08/31/2022, 8:04 AM
UserBase, and also added ADFS groups with user base roles, even added ADFS groups to cluster members with the view-only role… but nothing applies authorization correctly. SAML sends the group assigned to the user when I debug the communication. The same group is listed in the drop-down when you try to add it as a member, which confirms that Rancher sees it and reads it. Very strange behavior we have here. I created many AD and Okta SAML integrations before, so I know how and where to set it all up. Also, no logged-in ADFS users are appearing in the user list with the ADFS provider.
Expected behavior would be to be logged in and not see a cluster unless the user is added as a member to some. What we have is the full admin role assigned to any user authenticated via ADFS. Local users have normal behavior.