When configuring Okta Authentication in a Rancher HA environment by following the Rancher Official Documentation, you encounter 501 errors when trying to verify and enable the configuration.
Before Rancher fully enables Okta Authentication, it requires a successful test of your configuration to verify that the information is correct. When the test request is sent from one of your Rancher Servers to Okta, the returned verification is routed through a Load Balancer and can land on a different Rancher Server in the cluster. Because that recipient has not yet been configured to service Okta Authentication, it returns a 501 for the request, and the Rancher Server that acted as the requester fails to enable Okta because it could not complete the verification.
You have appropriately configured Okta Authentication according to the Rancher Official Documentation.
Steps to Resolve
- Using the Nodes Tab in your Rancher Management Cluster, cordon off the nodes you are not currently connected to. This forces traffic to be returned to the Requester.
- Run the test and enable procedure for Okta Configuration from Rancher and verify you can now log in successfully.
- Uncordon the other Nodes and the settings will be synced across the cluster automatically.
- Verify the cluster is working as expected by logging in using an Okta sign-in.
(Optional) To verify the settings have been synced to all nodes in the cluster, cordon off every node except one that you did not use for the configuration, then attempt to log in using Okta. This process can be repeated for each node.
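
The cordon and uncordon steps above, including the optional per-node check, can also be scripted with `kubectl`. This is an added example, not part of the Rancher documentation or the original article: it assumes `kubectl`'s current context points at the Rancher management cluster, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: kubectl equivalent of the Nodes-tab cordon/uncordon steps.
# Assumption: the current kubectl context is the Rancher management cluster.

# Print node names, one per line, without the "node/" prefix.
list_nodes() {
  kubectl get nodes -o name | sed 's|^node/||'
}

# Cordon every node except the one named in $1.
# Refuses to act when $1 is not a real node, so a typo cannot cordon
# the whole cluster and take Rancher offline.
cordon_all_except() {
  keep="$1"
  nodes="$(list_nodes)"
  if ! printf '%s\n' "$nodes" | grep -Fxq -- "$keep"; then
    echo "node '$keep' not found; nothing cordoned" >&2
    return 1
  fi
  for n in $nodes; do
    if [ "$n" != "$keep" ]; then
      kubectl cordon "$n"
    fi
  done
}

# Uncordon every node once Okta has been tested and enabled.
uncordon_all() {
  for n in $(list_nodes); do
    kubectl uncordon "$n"
  done
}

# Print nodes that are still cordoned; empty output means none were
# left unschedulable by mistake.
still_cordoned() {
  kubectl get nodes --field-selector spec.unschedulable=true -o name \
    | sed 's|^node/||'
}

# Usage, after sourcing this file (node name is a placeholder):
#   cordon_all_except <node-you-are-connected-to>
#   ... run the Okta test and enable procedure in the Rancher UI ...
#   uncordon_all && still_cordoned
```

For the optional sync check, call `cordon_all_except` with a different node each time, log in through Okta, then run `uncordon_all` again.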