Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

SAML Assertion Encryption for Splunk

vanvan
Path Finder
‎07-04-2019 10:55 PM

Hi,

I am trying to find information in the docs of Splunk on how to setup encryption for the SAML assertions, but so far I haven't found anything, except a vague note saying "SAML does not support encryption". E.g. https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/HowSAMLSSOworks

Does anyone here have some idea? Thanks in advance!

0 Karma
Reply

vanvan
Path Finder
‎02-10-2020 10:35 PM

@t_walter - as far as I know it is Splunk that does not support token encryption. I've raised this as a ticket to Splunk Support and they were kind enough to explain to me that this is a missing feature currently and they will probably add it to future releases, but no commitment on exact versions or dates.

0 Karma
Reply

florianzimm
Engager
‎07-13-2020 12:47 AM

fyi: i requested what the state of this feature is:

answer from support:

'.. We do have an Epic for that work( SPL-189015 (https://jira.splunk.com/browse/SPL-189015) for your reference) which is slated for completion in our Cloud release at the beginning of August. There is not yet any release version or date for the on-premise work, and these are of course not fixed dates and subject to change. ..'

0 Karma
Reply

t_walter
New Member
‎02-10-2020 07:56 AM

Hello

we also want to setup Splunk SSO with SAML and we are getting an EncryptedAssertion back from IdP (ADFS), which throws the error "Assertion node not found in SAML Response".
Is there any solution for this, or does Splunk not support encrypted SAML token?

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎07-07-2019 04:58 AM

Can you tell us which step in the image linked below that you're trying to encrypt?

https://images.app.goo.gl/HTSBFSyATeACqKrT8

0 Karma
Reply

vanvan
Path Finder
‎07-08-2019 11:16 PM

Hi,
Accoring to our SAML specialists we are talking about the "token" in the SAML assertion, which looks lik step #4 from the diagram.

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎07-09-2019 05:06 AM

Ok and you are or are not already using HTTPS to make the assertion?

also what is your idp?

Also, are you just wanting to encrypt the assertion itself as discussed here?

https://www.componentspace.com/Forums/8819/Is-it-required-to-encrypted-the-Assertion-in-IDP-SSO-Resp...

0 Karma
Reply

vanvan
Path Finder
‎07-09-2019 11:27 PM

Yes, we are using HTTPS.
We are using Azure AD.
And yes, we want to encrypt the assertion exactly like in that URL you've provided above.

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎07-10-2019 07:41 AM

Are you signing the auth request and it still isn't encrypting it?

0 Karma
Reply

vanvan
Path Finder
‎07-11-2019 02:42 AM

Yes! The communication is HTTPS with certificates between the two systems but the token inside is not encrypted.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...