
Example Analysis of Rancher2 Azure AD Authentication

2025-01-15 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)05/31 Report--

This article shares a worked example of Rancher2 Azure AD authentication. Most people are not very familiar with it, so it is offered here for your reference.

Version support: Rancher v2.0.3+

If you have enabled the Active Directory (AD) service in Azure, you can configure Rancher to let your users log in with their Azure AD accounts.

Register Rancher with Azure

Before you can enable Azure AD in Rancher, you must register Rancher with Azure.

Azure is divided into a Global region and a China region:

China region Portal address: https://portal.azure.cn

Global region Portal address: https://portal.azure.com

This article uses the China region as the example; the procedure for the Global region is similar.

The configuration in these steps requires administrative access, so log in to the Microsoft Azure portal as an administrative user.

Search for application registration and open it.

Click new application registration, complete the form, and then click Create in the lower right corner.

Note: for the login URL, enter the server_url configured in the Rancher settings. In the China region you must append the verify-auth-azure suffix to the rancher_server_url address, for example: https://demo.rancher.com/verify-auth-azure. In the Global region the suffix is not added.

Create an Azure API key

From the Azure portal, create an API key that Rancher will use to authenticate with Azure AD.

Search for the application registration service, and then open the rancher-test application created in the previous procedure. You may be told that you are not the owner of any application in this directory; if so, click to view all applications.

Click rancher-test and a new window opens.

Click Settings and select Keys from the Settings sidebar.

Enter a description of the key, such as rancher-test, select the validity period of the key, and then click Save.

Note: the key is displayed only once, so copy it and save it in a secure place.

Set the required permissions for Rancher

Next, set the API permissions for Rancher in Azure.

Continuing from the previous step, select Required permissions from the Settings sidebar.

Click Windows Azure Active Directory.

From the Enable Access sidebar tab, check the following delegated permissions:

Access the directory as the signed-in user

Read directory data

Read all groups

Read all users' full profiles

Read all users' basic profiles

Sign in and read user profile

Note:

You must be logged in as an Azure administrator to successfully save permission settings.

Copy Azure application data

As the last step in Azure configuration, copy the relevant configuration parameters used to configure Rancher for Azure AD authentication into an empty text file.

Get directory ID

Search for Azure Active Directory services

From the Azure Active Directory menu, open the properties

Copy the directory ID and paste it into a text file

Get the application ID.

Search for application registration

Find the rancher-test application you created

Copy the application ID and paste it into your text file

Get the MICROSOFT AZURE AD GRAPH API endpoint, the OAUTH 2.0 token endpoint, and the OAUTH 2.0 authorization endpoint.

Search for application registration and click Endpoints

Copy the following endpoints to the clipboard and paste them into a text file

MICROSOFT AZURE AD GRAPH API endpoint

OAUTH 2.0 token endpoint

OAUTH 2.0 authorization endpoint

Configure Azure AD in Rancher

In the Rancher UI, enter the AD configuration information obtained from Azure to complete the configuration.

Log in to the Rancher UI and, from the global view, select Security > Authentication.

Select Azure AD.

Enter the corresponding configuration information:

The following table maps the fields in the Rancher authentication configuration to the values from the Azure portal:

| Rancher | Azure AD |
| --- | --- |
| Tenant ID | Directory ID |
| Application ID | Application ID |
| Application Secret | Key |
| Endpoint | https://login.chinacloudapi.cn |
| Graph Endpoint | https://graph.chinacloudapi.cn |
| Token Endpoint | OAUTH 2.0 token endpoint |
| Auth Endpoint | OAUTH 2.0 authorization endpoint |

Important hint

Global area Endpoint address: https://login.windows.net/

Global area Graph Endpoint address: https://graph.windows.net/

For more information, please refer to Check-endpoints-in-Azure

Finally, click enable Azure AD.
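As an added example (not part of the original article and not Rancher's own code), the following Python check validates the values collected in the text file before they are entered in Rancher: the IDs are GUIDs, and every endpoint uses HTTPS and the host of the chosen region, so China and Global endpoints are not mixed. The dictionary keys, the sample values, and the assumption that the OAuth 2.0 endpoints contain the directory ID in their path are illustrative.

```python
import re
from urllib.parse import urlparse

# Endpoint hosts as listed in this article for each Azure region.
REGIONS = {
    "china": {"login": "login.chinacloudapi.cn", "graph": "graph.chinacloudapi.cn"},
    "global": {"login": "login.windows.net", "graph": "graph.windows.net"},
}
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def check_azure_ad_config(cfg, region):
    """Return a list of problems found in the values copied from the Azure portal."""
    problems = []
    hosts = REGIONS[region]
    for key in ("tenant_id", "application_id"):
        if not GUID.match(cfg.get(key, "")):
            problems.append(f"{key} is not a GUID")
    if not cfg.get("application_secret"):
        problems.append("application_secret is empty")
    # Every endpoint must be HTTPS and belong to the chosen region.
    expected = {"endpoint": hosts["login"], "graph_endpoint": hosts["graph"],
                "token_endpoint": hosts["login"], "auth_endpoint": hosts["login"]}
    for key, host in expected.items():
        url = urlparse(cfg.get(key, ""))
        if url.scheme != "https":
            problems.append(f"{key} must use https")
        if url.hostname != host:
            problems.append(f"{key} host {url.hostname!r} is not {host!r} ({region})")
    # Assumption: the OAuth 2.0 endpoints carry the directory ID in their path.
    for key in ("token_endpoint", "auth_endpoint"):
        if cfg.get("tenant_id", "").lower() not in urlparse(cfg.get(key, "")).path.lower():
            problems.append(f"{key} does not reference tenant_id")
    return problems


# Constructed sample values (hypothetical key names, not real identifiers).
_TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE = {
    "tenant_id": _TENANT,
    "application_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "application_secret": "placeholder-secret",
    "endpoint": "https://login.chinacloudapi.cn",
    "graph_endpoint": "https://graph.chinacloudapi.cn",
    "token_endpoint": f"https://login.chinacloudapi.cn/{_TENANT}/oauth2/token",
    "auth_endpoint": f"https://login.chinacloudapi.cn/{_TENANT}/oauth2/authorize",
}
```

An empty list from check_azure_ad_config(SAMPLE, "china") means the collected values are internally consistent for that region.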
