With the latest v 6.3 that was released earlier today, one of the features that was introduced was the ability of Splunk Enterprise to handle SAML based authentication (without needing custom messy Apache configurations, etc).
The question I had was whether SAML based SSO solution will work with Search Head Clustering ?
I was unable to find any mention about this in the documentation.
Can anyone provide any insight on this ?
Thanks and Regards,
You only have to enable SAML on the search head, once you do that, search head cluster behavior will work as normal.
Hope that helps.
Thanks for the quick reply.
I have 4 search heads in my cluster. Would I set the entity ID of all four search heads to the same value (splunk.foo.com) ?
so the entity ID should be the same for all the search heads in the cluster or each should have its own ID?
It's a good best practice to configure them the same way, I would think. And the the server.pem or saml.pem DEFNITELY need to be same on all the Search heads in a SHC set up so that they can communicate.
Great, look forward to hearing back about how things go. I'm the writer for the topics so please let me know if you find something that is not helpful or something that you think might improve the docs!
Reading through the documentation, it seems that SAML based SSO is only supported with Ping Identity as an Identity Provider.
Are standards based SAML 2.0 providers (non Ping Identity) not supported yet ? If so, when do you expect them to be supported ?
Our IdP does not support an Attribute Query URL. How would we configure SAML in the absence of such a URL.
Also, I dont see any mention of where the IdP should post the SAML response to a Splunk search-head (Assertion Consumer Service URL).