Knowledge Management

SAML Assertion Encryption for Splunk

vanvan
Path Finder

Hi,

I am trying to find information in the docs of Splunk on how to setup encryption for the SAML assertions, but so far I haven't found anything, except a vague note saying "SAML does not support encryption". E.g. https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/HowSAMLSSOworks

Does anyone here have some idea? Thanks in advance!

0 Karma

vanvan
Path Finder

@t_walter - as far as I know it is Splunk that does not support token encryption. I've raised this as a ticket to Splunk Support and they were kind enough to explain to me that this is a missing feature currently and they will probably add it to future releases, but no commitment on exact versions or dates.

0 Karma

florianzimm
Engager

fyi: i requested what the state of this feature is:

answer from support:

'.. We do have an Epic for that work( SPL-189015 (https://jira.splunk.com/browse/SPL-189015) for your reference) which is slated for completion in our Cloud release at the beginning of August. There is not yet any release version or date for the on-premise work, and these are of course not fixed dates and subject to change. ..'

0 Karma

t_walter
New Member

Hello

we also want to setup Splunk SSO with SAML and we are getting an EncryptedAssertion back from IdP (ADFS), which throws the error "Assertion node not found in SAML Response".
Is there any solution for this, or does Splunk not support encrypted SAML token?

0 Karma

jkat54
SplunkTrust
SplunkTrust

Can you tell us which step in the image linked below that you're trying to encrypt?

https://images.app.goo.gl/HTSBFSyATeACqKrT8

0 Karma

vanvan
Path Finder

Hi,
Accoring to our SAML specialists we are talking about the "token" in the SAML assertion, which looks lik step #4 from the diagram.

0 Karma

jkat54
SplunkTrust
SplunkTrust

Ok and you are or are not already using HTTPS to make the assertion?

also what is your idp?

Also, are you just wanting to encrypt the assertion itself as discussed here?

https://www.componentspace.com/Forums/8819/Is-it-required-to-encrypted-the-Assertion-in-IDP-SSO-Resp...

0 Karma

vanvan
Path Finder

Yes, we are using HTTPS.
We are using Azure AD.
And yes, we want to encrypt the assertion exactly like in that URL you've provided above.

0 Karma

jkat54
SplunkTrust
SplunkTrust

Are you signing the auth request and it still isn't encrypting it?

0 Karma

vanvan
Path Finder

Yes! The communication is HTTPS with certificates between the two systems but the token inside is not encrypted.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...