Problem with SAML cert: "ERROR UiSAML - Verification of SAML assertion using the IDP's certificate provided failed. Error: Failed to verify signature with cert :/opt/splunk/etc/auth/idpCerts/idpCert.pem"

Splunk Employee

Problem:
After setting up the SAML configuration, when logging into the UI you are presented with the following error, which is also logged in splunkd.log:

05-25-2017 15:19:13.453 +0000 ERROR UiSAML - Verification of SAML assertion using the IDP's certificate provided failed. Error: Failed to verify signature with cert :/opt/splunk/etc/auth/idpCerts/idpCert.pem;

Environment:
IdP: Ping Identity
Splunk 6.6.0
Linux x86_64

Splunk Employee

This was happening because the certificate that got sent across in the assertion is just a leaf certificate. You will need to upload the root, intermediate and leaf certificate from the IdP to Splunk for us to verify its validity.
This can be done from the UI > Access controls > Authentication method > SAML settings > Configure SAML > IdP certificate chains

  • You can chain all 3 here. Create the cert chain with the root first, then the intermediate, then the leaf
  • The certs have to be in Base64-encoded format and require the BEGIN CERTIFICATE and END CERTIFICATE tags as delimiters

-----BEGIN CERTIFICATE-----
... (the root certificate for the CA)...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
... (the intermediate certificate)...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
... (the leaf certificate)...
-----END CERTIFICATE-----

Once you do that, Splunk will create a new directory, idpCertChain1, and put the root cert in it as cert1.pem, the intermediate cert as cert2.pem, and the leaf cert as cert3.pem:

splunk@sh1:~/etc/auth/idpCerts/idpCertChain1$ pwd
/opt/splunk/etc/auth/idpCerts/idpCertChain1
splunk@sh1:~/etc/auth/idpCerts/idpCertChain1$ ls
cert1.pem cert2.pem cert3.pem

Then you will just have to remove the idpCert.pem in etc/auth/idpCerts and it will be a valid chain.

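The procedure in the accepted answer, as an added example that is not part of the original post or of Splunk's own code: a POSIX shell script that builds the chain file in the order described (root, intermediate, leaf), splits it into cert1.pem, cert2.pem, cert3.pem the way Splunk does, and then checks with openssl that every block actually loads as PEM, that the order is right (first certificate self-signed, each following one issued by the previous), and that the leaf verifies against the rest. The later replies in this thread report Splunk failing to load a file in the chain directory; running the same loadability check with openssl narrows such a failure to the file itself before Splunk is involved. Assumptions: openssl 1.1.1 or newer on PATH; the three certificates are generated locally as a constructed stand-in for the IdP's real chain; the idpCertChain1 directory name only mirrors the one Splunk creates, the script never touches $SPLUNK_HOME.

```shell
#!/bin/sh
# Added example, not from the original post or from Splunk: build an IdP chain file
# (root, intermediate, leaf), split it like Splunk does, and sanity-check it with openssl.
# Assumes openssl 1.1.1+ on PATH. All names and paths are illustrative.
set -eu

# Constructed stand-in for the IdP's real certificates: a throwaway root CA, an issuing
# (intermediate) CA signed by it, and a leaf signed by the intermediate.
make_demo_chain() {
    dir=$1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$dir/ca.ext"
    printf 'basicConstraints=CA:FALSE\nkeyUsage=critical,digitalSignature\n' > "$dir/leaf.ext"
    for name in root int leaf; do
        case $name in root) cn='Example Root CA' ;; int) cn='Example Issuing CA' ;; *) cn='idp.example.com' ;; esac
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
            -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null
    done
    openssl x509 -req -days 2 -in "$dir/root.csr" -signkey "$dir/root.key" \
        -extfile "$dir/ca.ext" -out "$dir/root.pem" 2>/dev/null
    openssl x509 -req -days 2 -in "$dir/int.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
        -CAcreateserial -extfile "$dir/ca.ext" -out "$dir/int.pem" 2>/dev/null
    openssl x509 -req -days 2 -in "$dir/leaf.csr" -CA "$dir/int.pem" -CAkey "$dir/int.key" \
        -CAcreateserial -extfile "$dir/leaf.ext" -out "$dir/leaf.pem" 2>/dev/null
}

# Split a concatenated PEM bundle into cert1.pem, cert2.pem, ... in OUTDIR (the layout the
# answer shows under etc/auth/idpCerts/idpCertChain1). Prints the number of blocks found.
split_chain() {
    chain=$1; out=$2
    mkdir -p "$out"
    awk -v dir="$out" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/cert%d.pem", dir, n); inside = 1 }
        inside { print > f }
        /-----END CERTIFICATE-----/ { inside = 0; close(f) }
        END { print n + 0 }
    ' "$chain"
}

# Subject or issuer of one PEM certificate as openssl prints it; empty output means
# openssl could not load the file (not PEM, truncated block, stray text, ...).
cert_field() { openssl x509 -in "$2" -noout "-$1" 2>/dev/null | sed "s/^$1=[ ]*//"; }

# Check a chain file the way the Splunk setup wants it. Returns 0 when every block loads,
# the first is self-signed, each next one is issued by the previous, and the leaf verifies.
check_chain() {
    chain=$1
    err=
    tmp=$(mktemp -d)
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$chain"; then
        err="no PEM 'BEGIN CERTIFICATE' marker in $chain (DER binary, or not a certificate at all?)"
    else
        n=$(split_chain "$chain" "$tmp")
        prev=; i=1
        while [ -z "$err" ] && [ "$i" -le "$n" ]; do
            f="$tmp/cert$i.pem"
            subj=$(cert_field subject "$f"); iss=$(cert_field issuer "$f")
            if [ -z "$subj" ]; then
                err="openssl cannot load certificate $i of $chain (stray text or truncated block?)"
            elif [ "$i" -eq 1 ] && [ "$subj" != "$iss" ]; then
                err="first certificate '$subj' is not self-signed; the root CA must come first"
            elif [ "$i" -gt 1 ] && [ "$iss" != "$prev" ]; then
                err="certificate $i is issued by '$iss' but certificate $((i - 1)) is '$prev'; chain is out of order"
            fi
            prev=$subj; i=$((i + 1))
        done
        if [ -z "$err" ]; then
            # Cryptographic check: root is the trust anchor, middle certs are untrusted intermediates.
            untrusted=; j=2
            while [ "$j" -lt "$n" ]; do untrusted="$untrusted -untrusted $tmp/cert$j.pem"; j=$((j + 1)); done
            openssl verify -CAfile "$tmp/cert1.pem" $untrusted "$tmp/cert$n.pem" >/dev/null 2>&1 \
                || err="openssl verify rejected the chain (wrong intermediate, expired, or not a CA cert?)"
        fi
    fi
    rm -rf "$tmp"
    if [ -n "$err" ]; then echo "FAIL: $err"; return 1; fi
    echo "OK: $n certificate(s), root first, each issued by the previous one, leaf verifies"
}

# Demo: build the chain, split it, check it, and show what a leaf-only file (the original
# post's situation) reports.
demo() {
    d=$(mktemp -d)
    make_demo_chain "$d"
    cat "$d/root.pem" "$d/int.pem" "$d/leaf.pem" > "$d/idp_chain.pem"
    echo "$(split_chain "$d/idp_chain.pem" "$d/idpCertChain1") certificates written to $d/idpCertChain1"
    check_chain "$d/idp_chain.pem"
    check_chain "$d/leaf.pem" || true
    rm -rf "$d"
}
demo
```

To check a real chain, run `check_chain /path/to/idp_chain.pem` on the file you are about to paste into the IdP certificate chains field; a FAIL about the first certificate not being self-signed is exactly the leaf-only case the answer describes, and a FAIL about a block that openssl cannot load points at the file rather than at Splunk.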

Path Finder

Hello, first of all thanks for the tip.

I did the workaround on Splunk 6.6.1 / Linux x86_64 but the problem persists.

Error message:
Failed to load trusted certificate {$SPLUNKHOME/etc/auth/idpCerts/idpCertChain1} Error: failed to load pem certificate from file=$SPLUNKHOME/etc/auth/idpCerts/idpCertChain1/cert_1.pem Verify the full path including the filename is correct and points to the certificate from the IDP.

Any tip will be very welcome. Thanks in advance.

Splunk Employee

I got this error too. Were you able to overcome the problem?
01-08-2019 19:30:25.642 +0000 ERROR XmlParser - func=xmlSecOpenSSLAppKeysMngrCertLoad:file=app.c:line=872:obj=unknown:subj=xmlSecOpenSSLAppKeysMngrCertLoadBIO:error=1:xmlsec library function failed:filename=/opt/splunk/etc/auth/idpCerts/idpCertChain1/cert1.pem
01-08-2019 19:30:25.642 +0000 ERROR Saml - Unable to load cert at: /opt/splunk/etc/auth/idpCerts/idpCertChain1
01-08-2019 19:30:25.642 +0000 ERROR UiSAML - Failed to load trusted certificate {/opt/splunk/etc/auth/idpCerts} Error: failed to load pem certificate from file=/opt/splunk/etc/auth/idpCerts/idpCertChain1/cert_1.pem

Path Finder

Have the same issue. Did you solve it on your side? @smitra_splunk

New Member

I got the same error.
"Failed to load trusted certificate Cannot load certificate - unrecognized file type Verify the full path including the filename is correct and points to the certificate from the IDP"

I imported the cert chain a number of times but no luck.

Any update on this?

SplunkTrust

Thank you! This fixed my issue with chained certificates and SAML.

New Member

I got this error.
"Failed to load trusted certificate Cannot load certificate - unrecognized file type Verify the full path including the filename is correct and points to the certificate from the IDP"

I imported the cert chain a number of times but no luck.

Any help would be appreciated.

New Member

Hello, even though I updated the chain certificates I am getting the error below:
"Verification of SAML assertion using the IDP's certificate provided failed. Cannot load certificate - /apps/splunk/etc/auth/idpCerts/.0, unrecognized file type. Error: Failed to verify signature with cert :/apps/splunk/etc/auth/idpCerts/idpCertChain_1;"

Any inputs would be helpful
