We upgraded our Splunk search head from version 6.5.3 to version 126.96.36.199 and cannot get to GUI interface: getting "Page not found!" error message (URL :
splunkd.log has the following error: 0500 ERROR UserManagerPro - SAML config is invalid, Reconfigure it. and 0500 ERROR UserManagerPro - user="system" had no roles
We have used SAML successfully in previous version 6.5.3 , idpSsoUrl' is setup in authentication.conf file as well.
Will appreciate all advices on what can be the next step
Note that you can export Splunk software metadata using the /saml/spmetadata endpoint on Splunk Web. You can also access the SAML-sp-metadata endpoint on splunkd.
Go to https://yoursplunk.yourdomain.com/saml/spmetadata to generate your metadata. Compare this with the file you provided to Ping Identity. Is it the same?
@suarezry, sorry for a delayed reply. The reason SAML authentication didn't work - we had some deprecated parameters in authentication.conf file.
Found this kind of errors in splunkd.log:
"WARN SSLOptions - authentication.conf/[saml]/sslKeysfilePassword: deprecated; use 'sslPassword' instead
WARN SSLOptions - authentication.conf/[saml]/sslKeysfile: deprecated; use 'clientCert' instead"
After applying this change we were able to get to splunk site