https://community.splunk.com/t5/Security/Verification-of-SAML-assertion-using-cert-failed/m-p/297513#M7972 <P>I have had this issue where one of the certs had expired. In $SPLUNK_HOME/etc/auth/idpCerts, splunk creates a folder called idpCertChain_1 where it breaks apart the cert you pasted (IdP certificate chains--these are the signing certs from your SSO provider--this can often be found in a metadata file from the provider or sometimes they just outright have a way for you to download it) from the setup into various certs and calls them cert_1.pem, cert_2.pem, ... etc. cert_1.pem is the root CA, cert_2.pem would be an issuing CA if applicable--if not would be the main cert from the IdP (fancy name for single sign on provider). You can check the certs out using $SPLUNK_HOME/bin/splunk cmd openssl x509 -noout -text -in cert_1.pem to see when it expires, adding -endate will print that line last like so:</P> <PRE><CODE>$SPLUNK_HOME/bin/splunk cmd openssl x509 -noout -text -in $SPLUNK_HOME/etc/auth/idpCerts/idpCertChain_1/cert_1.pem -enddate </CODE></PRE> <P>Updating the cert with one that was not expired fixed the issue in my case. </P> Wed, 30 Sep 2020 03:25:08 GMT worshamn 2020-09-30T03:25:08Z https://community.splunk.com/t5/Security/Verification-of-SAML-assertion-using-cert-failed/m-p/297507#M7966 <P>I have configured SAML SSO with Onelogin. My splunk app <A href="http://:8000/" target="test_blank">http://:8000/</A> is redirecting succusfully to Assertion consumer URL but getting an error message on spunk login page which does not allowing me to login with onelogn credentials</P> <P><STRONG>"Verification of SAML assertion using the IDP's certificate provided failed. Error: Failed to verify signature with cert :/opt/splunk/etc/auth/idpCerts/idpCert.pem;"</STRONG></P> <P>I have copied IdPCert.pem in required path /etc/auth/IdPCerts/ </P> <P>Does any one know who do i fix this?</P> <P>-Thanks</P> Wed, 17 May 2017 07:07:46 GMT https://community.splunk.com/t5/Security/Verification-of-SAML-assertion-using-cert-failed/m-p/297507#M7966 splunkgk 2017-05-17T07:07:46Z https://community.splunk.com/t5/Security/Verification-of-SAML-assertion-using-cert-failed/m-p/297508#M7967 <P>I am facing the same issue wondering if you got this resolved ? if yes? please share some tips.</P> Wed, 14 Feb 2018 05:46:14 GMT https://community.splunk.com/t5/Security/Verification-of-SAML-assertion-using-cert-failed/m-p/297508#M7967 raomu 2018-02-14T05:46:14Z https://community.splunk.com/t5/Security/Verification-of-SAML-assertion-using-cert-failed/m-p/297509#M7968 <P>Please post your $SPLUNK_HOME/etc/system/local/authentication.conf</P> Tue, 01 May 2018 14:52:22 GMT https://community.splunk.com/t5/Security/Verification-of-SAML-assertion-using-cert-failed/m-p/297509#M7968 suarezry 2018-05-01T14:52:22Z https://community.splunk.com/t5/Security/Verification-of-SAML-assertion-using-cert-failed/m-p/297510#M7969 <P>You need to generate the Cert file information from Onelogin. Then paste the same cert information under -IdP certificate chains box under "Configure Splunk to use SAML" .</P> Wed, 02 May 2018 03:59:09 GMT https://community.splunk.com/t5/Security/Verification-of-SAML-assertion-using-cert-failed/m-p/297510#M7969 raomu 2018-05-02T03:59:09Z https://community.splunk.com/t5/Security/Verification-of-SAML-assertion-using-cert-failed/m-p/297511#M7970 <P>How do you generate the Cert file from onelogin?</P> Fri, 23 Nov 2018 21:10:27 GMT https://community.splunk.com/t5/Security/Verification-of-SAML-assertion-using-cert-failed/m-p/297511#M7970 stsamson005 2018-11-23T21:10:27Z https://community.splunk.com/t5/Security/Verification-of-SAML-assertion-using-cert-failed/m-p/297512#M7971 <P>HI All,</P> <P>Would like to clarify for SAML do we have to bring separate istance for configuration,OR just ADFS server and Splunk configured with SAML will do.</P> <P>I am totally confuse from documentation.Any help with respect to enabling SSO in splunk will help.</P> <P>Regards,<BR /> Shweta</P> Thu, 19 Dec 2019 04:31:17 GMT https://community.splunk.com/t5/Security/Verification-of-SAML-assertion-using-cert-failed/m-p/297512#M7971 shwetas 2019-12-19T04:31:17Z https://community.splunk.com/t5/Security/Verification-of-SAML-assertion-using-cert-failed/m-p/297513#M7972 <P>I have had this issue where one of the certs had expired. In $SPLUNK_HOME/etc/auth/idpCerts, splunk creates a folder called idpCertChain_1 where it breaks apart the cert you pasted (IdP certificate chains--these are the signing certs from your SSO provider--this can often be found in a metadata file from the provider or sometimes they just outright have a way for you to download it) from the setup into various certs and calls them cert_1.pem, cert_2.pem, ... etc. cert_1.pem is the root CA, cert_2.pem would be an issuing CA if applicable--if not would be the main cert from the IdP (fancy name for single sign on provider). You can check the certs out using $SPLUNK_HOME/bin/splunk cmd openssl x509 -noout -text -in cert_1.pem to see when it expires, adding -endate will print that line last like so:</P> <PRE><CODE>$SPLUNK_HOME/bin/splunk cmd openssl x509 -noout -text -in $SPLUNK_HOME/etc/auth/idpCerts/idpCertChain_1/cert_1.pem -enddate </CODE></PRE> <P>Updating the cert with one that was not expired fixed the issue in my case. </P> Wed, 30 Sep 2020 03:25:08 GMT https://community.splunk.com/t5/Security/Verification-of-SAML-assertion-using-cert-failed/m-p/297513#M7972 worshamn 2020-09-30T03:25:08Z