Deployment Architecture

Splunk Search Head Integration with SAML

keishamtcs
Explorer

Hi All,

I have 4 SH cluster members for which i have to integrate SAML. Our AD team is asking the below information reply URL.

Do i need to give all the 4 url ?
Also do i need to configure the SAML on all 4 SH UI ? please do share your thoughts.

SAML-based Sign-on Attributes Value -

Reply URL (Assertion Consumer Service URL)

https://searchhead1.group.com/saml/acs
https://searchhead2.group.com/saml/acs
https://searchhead3.group.com/saml/acs
https://searchhead4.group.com/saml/acs

Labels (2)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

I don't have an answer for the Reply URL, but yes, you need to configure SAML on all SHs. Don't use the UI, however, push an app from your deployer.

---
If this reply helps you, Karma would be appreciated.
0 Karma

keishamtcs
Explorer

Thanks..can you please give some pointer on how to use as an app for the SAML config?

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Perhaps the easiest way is first to configure SAML on your deployer. Then copy the $SPLUNK_HOME/etc/system/local/authentication.conf file to $SPLUNK_HOME/etc/shcluster/apps/org_SAML_auth/default. Use the splunk apply shcluster-bundle command to send the app to SHC members. After that is done you can turn off SAML on the deployer, if you wish.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

March Community Office Hours Security Series Uncovered!

Hello Splunk Community! In March, Splunk Community Office Hours spotlighted our fabulous Splunk Threat ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars in April. This post ...