Getting Data In

How to configure Splunk SAML SSO on Windows?

ww9rivers
Communicator

I have successfully configured a Splunk search head (Enterprise v6.5.0) to authenticate with SAML.

But I am having failures on Windows running Splunk Enterprise v6.5.1. Besides that the search head server OS difference, the other difference is what Splunk uses for hostname: On Linux it is the fully qualified DNS name, in Windows, it's just the hostname part without the domain.

The error I am getting is: "Unable to complete request at this time. (Request was from an untrusted provider-AEE5C49E56DD98D1)" in the ID Provider's sign-on screen.

That makes me wonder if there is a mismatch somewhere, possibly related to the hostname/DNS name difference. However, I did set the "fully qualified domain name" and "entity ID" fields to use the fully qualified DNS name in Splunk SAML configuration.

Has anyone else encountered this kind of situation? Thank you in advance for any insights.

suarezry
Builder

Use a browser plugin to trace your SAML exchanges:
https://addons.mozilla.org/en-US/firefox/addon/saml-tracer/

You will be able to see what URL's Splunk is passing to your IdP. You can then verify if those URLs match the Splunk metadata gave to your IdP. What IdP are you using?

0 Karma

pgreer_splunk
Splunk Employee
Splunk Employee

What Identity Provider are you using?

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...