https://community.splunk.com/t5/Security/SAML-response-from-ADFS/m-p/544894#M12161 <P>Hi all,</P><P>we are trying to configure Splunk on premise (7.3.6) to work with SAML and ADFS but we are stuck with some errors:</P><P>with&nbsp;signedAssertion = false we see in internal logs:</P><P>&nbsp;</P><LI-CODE lang="markup">ERROR Saml - Failed to parse issuer. Could not evaluate xpath expression //saml:Assertion/saml:Issuer or no matching nodes found. No value found in SamlResponse for key=//saml:Assertion/saml:Issuer</LI-CODE><P>&nbsp;</P><P>with&nbsp;signedAssertion = true</P><P>&nbsp;</P><LI-CODE lang="markup">ERROR UiSAML - Verification of SAML assertion using the IDP's certificate provided failed. Error: start node xmlSecNodeSignature not found in document</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>Any suggestions?</P> Tue, 23 Mar 2021 09:23:43 GMT llopreiato 2021-03-23T09:23:43Z https://community.splunk.com/t5/Security/SAML-response-from-ADFS/m-p/544894#M12161 <P>Hi all,</P><P>we are trying to configure Splunk on premise (7.3.6) to work with SAML and ADFS but we are stuck with some errors:</P><P>with&nbsp;signedAssertion = false we see in internal logs:</P><P>&nbsp;</P><LI-CODE lang="markup">ERROR Saml - Failed to parse issuer. Could not evaluate xpath expression //saml:Assertion/saml:Issuer or no matching nodes found. No value found in SamlResponse for key=//saml:Assertion/saml:Issuer</LI-CODE><P>&nbsp;</P><P>with&nbsp;signedAssertion = true</P><P>&nbsp;</P><LI-CODE lang="markup">ERROR UiSAML - Verification of SAML assertion using the IDP's certificate provided failed. Error: start node xmlSecNodeSignature not found in document</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>Any suggestions?</P> Tue, 23 Mar 2021 09:23:43 GMT https://community.splunk.com/t5/Security/SAML-response-from-ADFS/m-p/544894#M12161 llopreiato 2021-03-23T09:23:43Z https://community.splunk.com/t5/Security/SAML-response-from-ADFS/m-p/546332#M12178 <P>We solved our problem by following Splunk support suggestion to remove encryption from ADFS as specified in chapter 13 of this guide:</P><P><A href="https://www.splunk.com/en_us/blog/tips-and-tricks/configuring-microsofts-adfs-splunk-cloud.html" target="_blank">https://www.splunk.com/en_us/blog/tips-and-tricks/configuring-microsofts-adfs-splunk-cloud.html</A></P> Thu, 01 Apr 2021 06:57:57 GMT https://community.splunk.com/t5/Security/SAML-response-from-ADFS/m-p/546332#M12178 llopreiato 2021-04-01T06:57:57Z https://community.splunk.com/t5/Security/SAML-response-from-ADFS/m-p/673936#M17544 <P>Had the same error message to an adfs server with encryption and in my case this worked, dont know if it is correct.<BR /><BR />I added the encrypted private key to signAuthnRequest certificate, which&nbsp; is this authentication.conf parameter:<BR /><BR />[saml]<BR />clientCert = cert_and_encrypted_private_key.pem<BR /><BR />The password of the encypted private key was configured to the parameter sslPassword of the same stanza&nbsp;<BR />sslPasswort =&nbsp;<BR /><BR />No this parameter could be set to true:<BR /><BR />signAuthnRequest = true<BR /><BR />and reloaded authentication to let the sslPasswort be hashed.<BR /><BR />Worked for me.<BR /><BR /><BR /></P> Thu, 11 Jan 2024 13:16:19 GMT https://community.splunk.com/t5/Security/SAML-response-from-ADFS/m-p/673936#M17544 hschuhkn 2024-01-11T13:16:19Z