Getting Data In

How to configure Splunk SAML SSO on Windows?

ww9rivers
Communicator

I have successfully configured a Splunk search head (Enterprise v6.5.0) to authenticate with SAML.

But I am having failures on Windows running Splunk Enterprise v6.5.1. Besides that the search head server OS difference, the other difference is what Splunk uses for hostname: On Linux it is the fully qualified DNS name, in Windows, it's just the hostname part without the domain.

The error I am getting is: "Unable to complete request at this time. (Request was from an untrusted provider-AEE5C49E56DD98D1)" in the ID Provider's sign-on screen.

That makes me wonder if there is a mismatch somewhere, possibly related to the hostname/DNS name difference. However, I did set the "fully qualified domain name" and "entity ID" fields to use the fully qualified DNS name in Splunk SAML configuration.

Has anyone else encountered this kind of situation? Thank you in advance for any insights.

suarezry
Builder

Use a browser plugin to trace your SAML exchanges:
https://addons.mozilla.org/en-US/firefox/addon/saml-tracer/

You will be able to see what URL's Splunk is passing to your IdP. You can then verify if those URLs match the Splunk metadata gave to your IdP. What IdP are you using?

0 Karma

pgreer_splunk
Splunk Employee
Splunk Employee

What Identity Provider are you using?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...