Getting Data In

How to configure Splunk SAML SSO on Windows?

ww9rivers
Contributor

I have successfully configured a Splunk search head (Enterprise v6.5.0) to authenticate with SAML.

But I am having failures on Windows running Splunk Enterprise v6.5.1. Besides that the search head server OS difference, the other difference is what Splunk uses for hostname: On Linux it is the fully qualified DNS name, in Windows, it's just the hostname part without the domain.

The error I am getting is: "Unable to complete request at this time. (Request was from an untrusted provider-AEE5C49E56DD98D1)" in the ID Provider's sign-on screen.

That makes me wonder if there is a mismatch somewhere, possibly related to the hostname/DNS name difference. However, I did set the "fully qualified domain name" and "entity ID" fields to use the fully qualified DNS name in Splunk SAML configuration.

Has anyone else encountered this kind of situation? Thank you in advance for any insights.

suarezry
Builder

Use a browser plugin to trace your SAML exchanges:
https://addons.mozilla.org/en-US/firefox/addon/saml-tracer/

You will be able to see what URL's Splunk is passing to your IdP. You can then verify if those URLs match the Splunk metadata gave to your IdP. What IdP are you using?

0 Karma

pgreer_splunk
Splunk Employee
Splunk Employee

What Identity Provider are you using?

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Laser Bananas and Edge Hubs: Exploring Operational Technology (OT) Data Through a ...

  OT is a different environment to traditional IT and can have interesting challenges when interfacing the ...

Event Series: Mastering AI Tokenomics and Splunk Agent Observability

Beyond the Black Box: Correlating AI Performance and Tokenomics with Splunk Agent Observability   As ...

span_metrics: The OpenTelemetry-Idiomatic Way to See Inside Your Services

You open a trace in Splunk Observability Cloud and everything looks fine. One root span, order-pipeline, with ...