Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Add troubleshooting section to Okta SAML documentation #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Copilot wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

Add troubleshooting section to Okta SAML documentation #4

Copilot wants to merge 2 commits into from

Conversation

Copy link

Copilot AI commented Dec 1, 2025
edited
Loading

Fixes rancher#1889

Reminders

  • See the README for more details on how to work with the Rancher docs.

  • Verify if changes pertain to other versions of Rancher. If they do, finalize the edits on one version of the page, then apply the edits to the other versions.

  • If the pull request is dependent on an upcoming release, remember to add a "MERGE ON RELEASE" label and set the proper milestone.

Description

Adds troubleshooting guidance for Okta SAML authentication, specifically addressing the certificate verification error from #49147:

cannot validate signature on Response: Could not verify certificate against trusted certs

Changes:

  • Added ## Troubleshooting section to configure-okta-saml.md covering:
    • Not redirected to Okta (config/popup blocker issues)
    • Forbidden message after login (SAML signing issues)
    • Certificate verification error (multiple certs in IdP metadata during rollover)
  • Documents the fix in v2.11+ and workaround for older versions
  • Applied to main docs and versioned docs (v2.9, v2.10, v2.11, v2.12, v2.13)

Follows the same pattern as the existing Keycloak SAML troubleshooting section.

Comments

The certificate verification issue was fixed in Rancher v2.11 when the crewjam/saml library was forked to rancher/saml. This documentation helps users on older versions understand the workaround (ensuring single active cert in metadata) and encourages upgrading.

Original prompt

rancher#1889. Details of the SURE ticket have been copied to rancher/rancher#49147 so use that for context

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Copilot AI assigned Copilot and moio Dec 1, 2025
Copilot AI changed the title [WIP] Update SURE documentation for clarity Add troubleshooting section to Okta SAML documentation Dec 1, 2025
Copilot AI requested a review from moio December 1, 2025 08:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@moio moio Awaiting requested review from moio

Assignees

@moio moio

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Setting Up SSO in Rancher with Okta

2 participants

@moio