rancher: Unable to login to rancher server after a rancher server roll back via docker when azure AD is enabled
Rancher Server Setup
- Rancher version: v2.6.5 upgraded to v2.6-head 0042faa rolled back to v2.6.5
- Installation option (Docker install/Helm Chart): Docker install
- If Helm Chart, Kubernetes Cluster and version (RKE1, RKE2, k3s, EKS, etc): k3s
- Proxy/Cert Details:
Information about the Cluster
- Kubernetes version: v1.23.6
- Cluster Type (Local/Downstream): Downstream Infrastructure provider
- If downstream, what type of cluster? (Custom/Imported or specify provider for Hosted/Infrastructure Provider):
User Information
- What is the role of the user logged in? (Admin/Cluster Owner/Cluster Member/Project Owner/Project Member/Custom)
- If custom, define the set of permissions: Admin
Describe the bug
Login fails when a Rancher server is rolled back from v2.6.6-rc1 or v2.6-head when Azure AD is enabled, if we upgrade the Azure AD endpoint in 2.6.6-rc1. This is because the Azure AD endpoints will not be rolled back if the rollback is not performed via the backup/restore charts.
Solution here will be docs/release-note:
If you want to roll back Rancher to use the old Azure AD Graph API without using the backup-restore operator, edit the azuread authconfig resource stored in the local cluster’s database (you must have permission to edit this resource). Old Azure AD auth graph endpoints will not be rolled back on a Rancher rollback.
About this issue
- State: closed
- Created 2 years ago
- Comments: 16 (8 by maintainers)
Closing the issue as the related release notes have been updated.
@anupama2501 Many Thanks!! I could enable Azure AD login from Rancher now!!