Azure AD Client Secret Expiry Causes Rancher Login Failure

Article Number: 000022099

Environment

SUSE Rancher Manager 2.x integrated with Azure AD as Identity Provider (IDP)

Situation

Users are unable to log in to the Rancher portal using their Azure AD accounts. The authentication fails with an error:

An error occurred logging in Server error while authenticating

The initial attempt to delete the azuread-access-token secret from the cattle-global-data namespace did not resolve the login issue. Additionally, the secret was not automatically regenerated, resulting in persistent Rancher warnings about the missing secret.

Cause

The login failure occurred because the Azure AD Application Secret used by Rancher had expired. Rancher requires a valid client secret to communicate with Azure AD.

Resolution

It was observed that the Application Secret (client secret) for the Rancher app registered in Azure AD had expired. This caused Rancher’s authentication with Azure AD to fail.

To resolve the issue:

  • Generate a new Application Secret (client secret) for the Rancher app registration in Azure AD.
  • In Rancher, update the Azure AD configuration with the new secret:
      • Go to Rancher UI → Users & Authentication → Auth Provider → Azure AD → Application Secret.
      • Enter the new Application Secret.
      • Save the configuration.

The secret azuread-access-token in the cattle-global-data namespace got recreated automatically and the login started working again.
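As an added example (not part of the original article), the following script checks the expiry of the client secrets on the Rancher app registration before logins start failing. It parses the JSON that `az ad app credential list --id <APP_ID>` prints; the embedded sample output, the key IDs and the fixed "current" date are constructed for the demonstration, and the 30-day warning window is an assumption.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample of `az ad app credential list --id <APP_ID>` output for the
# Rancher app registration. Names, key IDs and dates are made up for this example.
SAMPLE_AZ_OUTPUT = """[
  {"displayName": "rancher-prod", "keyId": "11111111-1111-1111-1111-111111111111",
   "startDateTime": "2023-01-15T10:00:00Z", "endDateTime": "2024-01-15T10:00:00Z"},
  {"displayName": "rancher-rotated", "keyId": "22222222-2222-2222-2222-222222222222",
   "startDateTime": "2024-01-10T09:00:00Z", "endDateTime": "2024-02-01T09:00:00Z"}
]"""

# Fixed "now" so the demonstration is reproducible; use datetime.now(timezone.utc) in practice.
DEMO_NOW = datetime(2024, 1, 20, tzinfo=timezone.utc)


def parse_graph_time(value):
    """Parse the ISO-8601 UTC timestamps Azure CLI emits (trailing 'Z')."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_client_secrets(az_json, now, warn_days=30):
    """Classify each client secret as 'expired', 'expiring' or 'ok'.

    An expired secret is exactly the condition that breaks Rancher's Azure AD
    login; 'expiring' gives time to rotate it and update Rancher first.
    """
    results = []
    for cred in json.loads(az_json):
        remaining = parse_graph_time(cred["endDateTime"]) - now
        if remaining <= timedelta(0):
            status = "expired"
        elif remaining <= timedelta(days=warn_days):
            status = "expiring"
        else:
            status = "ok"
        results.append({"displayName": cred.get("displayName"), "keyId": cred["keyId"],
                        "endDateTime": cred["endDateTime"], "daysLeft": remaining.days,
                        "status": status})
    return results


def has_usable_secret(results):
    """True if at least one secret is neither expired nor inside the warning window."""
    return any(r["status"] == "ok" for r in results)


if __name__ == "__main__":
    report = check_client_secrets(SAMPLE_AZ_OUTPUT, DEMO_NOW)
    for r in report:
        print(f"{r['status']:9} {r['displayName']:16} expires {r['endDateTime']} ({r['daysLeft']} days)")
    if not has_usable_secret(report):
        print("Rotate the secret in Azure AD and update it under Users & Authentication -> "
              "Auth Provider -> Azure AD -> Application Secret in Rancher.")
```

After rotating, confirm that the `azuread-access-token` secret in `cattle-global-data` has been recreated, since a missing secret was the symptom that remained after the manual delete.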