Yes, the issue is known. The cluster collector verifies the communication by validating the used token internally. However, as in Rancher, you have to setup the ServiceAccount on Rancher and use the token of that ServiceAccount, this is not what the cluster collector expects.
The ideal solution would be to build compatibility on our side into the cluster collector, that it also accepts the Rancher-owned ServiceAccount. It is on our roadmap to do after we have finished OpenShift support and PVC+CronJob monitoring. All three things are currently in user tests.
The workaround for the time being is to bypass the Rancher API proxy and directly get the data from the control plane nodes of the specific cluster. For that, just follow the standard procedure from the docs, use the token from the ServiceAccount which is created by the Helm charts and specify a control plane node as the API endpoint.