https://community.splunk.com/t5/Security/SH-Cluster-Prevent-Config-Replication/m-p/560088#M12434 <P>Question -&nbsp;</P><P>If I wanted to prevent SAML/SSO configurations from replicating to other SHs in a cluster, could I use the 'conf_replication_blacklist.&lt;name&gt;' or something similar to exclude the authentication.conf? Or would that cause more issues outside of just preventing SAML/SSO configs to be unsyncd?</P><P>Context -&nbsp;<BR />We are migrating from onprem servers to AWS servers. The current configurations for SSO/SAML only work for the onprem servers, and we will need new configs for the AWS servers. The configs are in the etc/system/local/authentication.conf, so already at highest precendence.</P><P>However, while working on those configurations we don't want to break the working SSO for onprem. We don't want to make it a separate cluster, cause then we'd have to get all the searches/lookups replicated across some other way.</P><P>I came across the 'conf_replication_summary.blacklist' and 'conf_replication_include.&lt;conf_file_name&gt; = &lt;boolean&gt;' in the server.conf spec, and was wondering if anyone has any experience using these for&nbsp;authentication.conf and if there are complications I should be aware of? Cause if we could use these to temporarily pause the replication with no real ill effects, that'd be great.</P> Mon, 19 Jul 2021 16:30:07 GMT Sivrat 2021-07-19T16:30:07Z https://community.splunk.com/t5/Security/SH-Cluster-Prevent-Config-Replication/m-p/560088#M12434 <P>Question -&nbsp;</P><P>If I wanted to prevent SAML/SSO configurations from replicating to other SHs in a cluster, could I use the 'conf_replication_blacklist.&lt;name&gt;' or something similar to exclude the authentication.conf? Or would that cause more issues outside of just preventing SAML/SSO configs to be unsyncd?</P><P>Context -&nbsp;<BR />We are migrating from onprem servers to AWS servers. The current configurations for SSO/SAML only work for the onprem servers, and we will need new configs for the AWS servers. The configs are in the etc/system/local/authentication.conf, so already at highest precendence.</P><P>However, while working on those configurations we don't want to break the working SSO for onprem. We don't want to make it a separate cluster, cause then we'd have to get all the searches/lookups replicated across some other way.</P><P>I came across the 'conf_replication_summary.blacklist' and 'conf_replication_include.&lt;conf_file_name&gt; = &lt;boolean&gt;' in the server.conf spec, and was wondering if anyone has any experience using these for&nbsp;authentication.conf and if there are complications I should be aware of? Cause if we could use these to temporarily pause the replication with no real ill effects, that'd be great.</P> Mon, 19 Jul 2021 16:30:07 GMT https://community.splunk.com/t5/Security/SH-Cluster-Prevent-Config-Replication/m-p/560088#M12434 Sivrat 2021-07-19T16:30:07Z