Deployment Architecture

SAML Support on Search head Clusters

msudhindra
Path Finder

Hello!

With the latest v 6.3 that was released earlier today, one of the features that was introduced was the ability of Splunk Enterprise to handle SAML-based authentication (without needing custom messy Apache configurations, etc.).

The question I had was whether a SAML-based SSO solution will work with Search Head Clustering?

I was unable to find any mention of this in the documentation.

Can anyone provide any insight on this?

Thanks and Regards,
Madan Sudhindra

1 Solution

jworthington_sp
Splunk Employee

You only have to enable SAML on the search head. Once you do that, search head cluster behavior will work as normal.

Hope that helps.

msudhindra
Path Finder

Hi @jworthington

Reading through the documentation, it seems that SAML-based SSO is only supported with Ping Identity as an Identity Provider.

Are standards-based SAML 2.0 providers (non Ping Identity) not supported yet? If so, when do you expect them to be supported?
Our IdP does not support an Attribute Query URL. How would we configure SAML in the absence of such a URL?

Also, I don't see any mention of where the IdP should post the SAML response to a Splunk search head (Assertion Consumer Service URL).

Thanks,
Madan Sudhindra

jworthington_sp
Splunk Employee

It's a good best practice to configure them the same way, I would think. And the server.pem or saml.pem DEFINITELY need to be the same on all the search heads in an SHC setup so that they can communicate.

msudhindra
Path Finder

OK. Thanks.

I'll try this out in the next week and post my findings to this thread.

0 Karma

jworthington_sp
Splunk Employee

Great, look forward to hearing back about how things go. I'm the writer for the topics, so please let me know if you find something that is not helpful or something that you think might improve the docs!

msudhindra
Path Finder

Thanks for the quick reply.

I have 4 search heads in my cluster. Would I set the entity ID of all four search heads to the same value (splunk.foo.com)?

0 Karma

ruby_sheen
New Member

Madan,

So the entity ID should be the same for all the search heads in the cluster, or each should have its own ID?

Ruby

0 Karma

suarezry
Builder

Yes, the entity ID of all the search heads in the cluster will be the same.

0 Karma
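
A consistency check for the two points made in this thread (one entity ID for the whole cluster, identical server.pem or saml.pem on every search head), added here as an example; it is not part of any post and not Splunk tooling. The stanza name `saml_settings`, the host names and the PEM contents are constructed, and the script assumes each member's authentication.conf and certificate file have already been collected.

```python
import configparser
import hashlib

def entity_id(conf_text):
    """Return entityId from the stanza named by [authentication] authSettings."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str  # keep key case, e.g. entityId
    cp.read_string(conf_text)
    stanza = cp.get("authentication", "authSettings", fallback=None)
    if stanza is None or not cp.has_section(stanza):
        return None  # SAML not configured on this member
    return cp.get(stanza, "entityId", fallback=None)

def pem_fingerprint(pem_bytes):
    # Normalise line endings so a CRLF copy of the same file is not reported as drift.
    # Only the hash is compared, so key material never has to leave the member.
    return hashlib.sha256(pem_bytes.replace(b"\r\n", b"\n").strip()).hexdigest()

def find_drift(members):
    """members: {host: (authentication.conf text, pem bytes)}.
    Returns {setting: {value: [hosts]}} for every setting that differs."""
    seen = {"entityId": {}, "pem_sha256": {}}
    for host, (conf, pem) in sorted(members.items()):
        seen["entityId"].setdefault(entity_id(conf), []).append(host)
        seen["pem_sha256"].setdefault(pem_fingerprint(pem), []).append(host)
    return {name: vals for name, vals in seen.items() if len(vals) > 1}

# Constructed sample: four search heads; sh3 has its own entity ID, sh4 a different PEM.
CONF = ("[authentication]\nauthType = SAML\nauthSettings = saml_settings\n\n"
        "[saml_settings]\nentityId = {}\n")
PEM_A = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQtQQ==\n-----END CERTIFICATE-----\n"
PEM_B = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQtQg==\n-----END CERTIFICATE-----\n"
SAMPLE = {
    "sh1": (CONF.format("splunk.foo.com"), PEM_A),
    "sh2": (CONF.format("splunk.foo.com"), PEM_A.replace(b"\n", b"\r\n")),
    "sh3": (CONF.format("sh3.foo.com"), PEM_A),
    "sh4": (CONF.format("splunk.foo.com"), PEM_B),
}

if __name__ == "__main__":
    for setting, values in find_drift(SAMPLE).items():
        for value, hosts in values.items():
            print(f"{setting}: {value} on {', '.join(hosts)}")
```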