Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to configure Splunk SAML SSO on Windows?

ww9rivers
Contributor
‎12-15-2016 02:09 PM

I have successfully configured a Splunk search head (Enterprise v6.5.0) to authenticate with SAML.

But I am having failures on Windows running Splunk Enterprise v6.5.1. Besides that the search head server OS difference, the other difference is what Splunk uses for hostname: On Linux it is the fully qualified DNS name, in Windows, it's just the hostname part without the domain.

The error I am getting is: "Unable to complete request at this time. (Request was from an untrusted provider-AEE5C49E56DD98D1)" in the ID Provider's sign-on screen.

That makes me wonder if there is a mismatch somewhere, possibly related to the hostname/DNS name difference. However, I did set the "fully qualified domain name" and "entity ID" fields to use the fully qualified DNS name in Splunk SAML configuration.

Has anyone else encountered this kind of situation? Thank you in advance for any insights.

Reply

suarezry
Builder
‎12-21-2016 10:34 AM

Use a browser plugin to trace your SAML exchanges:
https://addons.mozilla.org/en-US/firefox/addon/saml-tracer/

You will be able to see what URL's Splunk is passing to your IdP. You can then verify if those URLs match the Splunk metadata gave to your IdP. What IdP are you using?

0 Karma
Reply

pgreer_splunk
Splunk Employee
Splunk Employee
‎12-15-2016 05:01 PM

What Identity Provider are you using?

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...