rancher: disabling auth doesnt clean up authconfigs

What kind of request is this (question/bug/enhancement/feature request): bug

Steps to reproduce (least amount of steps as possible):

  1. provision an SAML auth provider, in this case okta, with an invalid config
  2. disable saml auth
  3. reenable saml auth with the correct info /registry/management.cattle.io/authconfigs/okta

Result: Trying to login results in “Waiting to hear back from IDP”

Other details that may be helpful: when looking in etcd we see that the authconfig isnt cleaned up when removing an auth provider, also the error wasnt helpful in surfacing the actual issue.

Environment information

  • Rancher version (rancher/rancher/rancher/server image tag or shown bottom left in the UI): v2.2.3
  • Installation option (single install/HA): HA

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Reactions: 1
  • Comments: 22 (11 by maintainers)

Most upvoted comments

Fine, it’s work

$ rancher kubectl get  authconfigs.management.cattle.io adfs -o yaml
accessMode: required
allowedPrincipalIds:
- adfs_user://MY_ACCOUNT@MY_COMPANY
- adfs_group://MY_COMPANY\MY_GROUP
apiVersion: management.cattle.io/v3
displayNameField: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
enabled: true
+1
Negashev on May 29, 2019

@prachidamle allowedPrincipalIds: null

+1
Negashev on May 29, 2019

@prachidamle Yes

> kubectl get  authconfigs.management.cattle.io adfs -o yaml
accessMode: required
allowedPrincipalIds: null
apiVersion: management.cattle.io/v3
displayNameField: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
enabled: false

and in ldap accessMode: required

+1
Negashev on May 29, 2019

@prachidamle

  • Rancher UI
  • 2.2.3
  • only HA
+1
Negashev on May 29, 2019
Read more comments on GitHub
← rancher: deployments.apps "cattle-cluster-agent" not found ... dial tcp 127.0.0.1:6080: connect: connection refused seen after provisioning cluster
rancher: dns resolution is not working in any container →