Skip to content

How to configure Okta Auth with Rancher HA

This document (000020181) is provided subject to the disclaimer at the end of this document.

Situation

Issue

When configuring Okta Authentication using the Rancher Official Documentation in a Rancher HA environment you encounter 501 errors when trying to verify and enable the configuration.

Cause

For Rancher to fully enable Okta Authenication it requires a succesful test of your configuration to verify the information is correct. When the test request is sent from one of your Rancher Servers to Okta the returned verification is routed through a Load Balancer to a different Rancher Server in the cluster. As the recipient has not yet been configured to service Okta Authentication it will return a 501 for the request and the Rancher Server that acted as a requester will fail to enable as it could not complete the verification.

Resolution

Assumptions

You have appropriately configured Okta Authentication according to the Rancher Official Documentation.

Steps to Resolve
  1. Using the Nodes Tab in your Rancher Management Cluster cordon off the nodes you are not currently connected to, this will force traffic to be returned to the Requester.
  2. Run the test and enable procedure for Okta Configuration from Rancher and verify you can now login successfully.
  3. Uncordon the other Nodes and the settings will be synced across the cluster automatically.
  4. Verify the cluster is working as expected by logging in using an Okta sign-in.

(Optional) To verify the settings have been synced to all nodes in the cluster you can cordon off all but another Node, not the one you used to configure, and attempt logging in using Okta. This process can be repeated for each node.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.