KEYCLOAK SAML issue

Araton71 — Wed, 20 May 2026 08:14:04 GMT

I've configured my splunk enterprise to get saml login with keycloak.

[authentication]

authSettings = saml

authType = SAML

[saml]

blacklistedAutoMappedRoles = admin,power

caCertFile = /opt/splunk/etc/auth/cacert.pem

cacheSAMLUserInfotoDisk = false

clientCert = /opt/splunk/etc/auth/server.pem

enableAutoMappedRoles = true

entityId = https://homesoc.tester.local

excludedAutoMappedRoles = admin,power

fqdn = https://itpghomesoc03

idpCertExpirationCheckInterval = 86400s

idpCertExpirationWarningDays = 90

idpCertPath = idpCert.pem

idpSLOUrl = https://www.tester.net/realms/tester/protocol/saml

idpSSOUrl = https://www.tester.net/realms/tester/protocol/saml

inboundDigestMethod = SHA1;SHA256;SHA384;SHA512

inboundSignatureAlgorithm = RSA-SHA1;RSA-SHA256;RSA-SHA384;RSA-SHA512

issuerId = https://www.tester.net/realms/tester

lockRoleToFullDN = true

redirectPort = 8000

replicateCertificates = true

saml_negative_cache_timeout = 3600

scimEnabled = false

signAuthnRequest = false

signatureAlgorithm = RSA-SHA256

signatureRawPubKey = false

signedAssertion = true

sloBinding = HTTP-POST

sslPassword = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

ssoBinding = HTTP-REDIRECT

[roleMap_SAML]
admin = splunk-admin

but I have following error when try to login

Saml response does not contain group information.

In splunkd.log

05-20-2026 09:24:47.181 +0200 ERROR Saml [2814333 webui] - No value found in SamlResponse for match key=saml:AttributeStatement/saml:Attribute attrName=role err=No nodes found for xpath=saml:AttributeStatement/saml:Attribute

What is missing ?

SOLVED: KEYCLOAK SAML issue

Araton71 — Wed, 20 May 2026 08:28:46 GMT

On UI SAML Configuration ALIAS check must be tick and in role alias filed

it needs to add same value setted in keycloak

and in authentication.conf

[authenticationResponseAttrMap_SAML]
role = groups

topic SOLVED: KEYCLOAK SAML issue in Security

KEYCLOAK SAML issue

SOLVED: KEYCLOAK SAML issue