111. Azure AD 客户端秘密到期导致 Rancher 登录失败

SUSE Rancher Manager 2.x integrated with Azure AD as Identity Provider (IDP)
SUSE Rancher Manager 2.x 集成于 Azure AD as Identity Provider （IDP）

Users are unable to log in to the Rancher portal using their Azure AD accounts. The authentication fails with an error:
用户无法通过 Azure AD 账户登录 Rancher 门户。认证失败时会出现错误：

An error occurred logging in Server error while authenticating

The initial attempt to delete the azuread-access-token secret from the cattle-global-data namespace did not resolve the login issue. Additionally, the secret was not automatically regenerated, resulting in persistent Rancher warnings about the missing secret.
最初尝试从 cattle-global-data 命名空间删除 azuread-access-token 秘密时，登录问题未能解决。此外，秘密不会自动恢复，导致牧场主持续警告缺失秘密。

It was observed that the Application Secret (client secret) for the Rancher app registered in Azure AD had expired. This caused Rancher’s authentication with Azure AD to fail.
观察到在 Azure AD 注册的 Rancher 应用的应用秘密（客户端秘密）已过期。这导致 Rancher 与 Azure AD 的认证失败。

To resolve the issue: 为了解决这个问题：

• Generate a new Application Secret for the Rancher app in Azure AD.
  在 Azure AD 中为 Rancher 应用生成一个新的应用秘密。
• In Rancher, update the new secret:
  在 Rancher 中，更新新的秘密：
• Go to Rancher UI → Users & Authentication → Auth Provider → Azure AD → Application Secret
  前往 Rancher UI → 用户与认证 → Provider → Azure AD → Application Secret
• Enter the new Application Secret.
  这时，新的应用秘诀出现了。
• Save the configuration. 保存配置。

The secret azuread-access-token in the cattle-global-data namespace got recreated automatically and the login started working again.
cattle-global-data 命名空间中的秘密 azuread-access-token 自动被重新创建，登录也恢复正常。

The login failure occurred because the Azure AD Application Secret used by Rancher had expired. Rancher requires a valid client secret to communicate with Azure AD.
登录失败是因为 Rancher 使用的 Azure AD 应用秘密已过期。Rancher 需要有效的客户端秘密才能与 Azure AD 通信。