Knowledge Management

SAML Assertion Encryption for Splunk

Path Finder

Hi,

I am trying to find information in the docs of Splunk on how to setup encryption for the SAML assertions, but so far I haven't found anything, except a vague note saying "SAML does not support encryption". E.g. https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/HowSAMLSSOworks

Does anyone here have some idea? Thanks in advance!

0 Karma

Path Finder

@t_walter - as far as I know it is Splunk that does not support token encryption. I've raised this as a ticket to Splunk Support and they were kind enough to explain to me that this is a missing feature currently and they will probably add it to future releases, but no commitment on exact versions or dates.

0 Karma

New Member

fyi: i requested what the state of this feature is:

answer from support:

'.. We do have an Epic for that work( SPL-189015 (https://jira.splunk.com/browse/SPL-189015) for your reference) which is slated for completion in our Cloud release at the beginning of August. There is not yet any release version or date for the on-premise work, and these are of course not fixed dates and subject to change. ..'

0 Karma

New Member

Hello

we also want to setup Splunk SSO with SAML and we are getting an EncryptedAssertion back from IdP (ADFS), which throws the error "Assertion node not found in SAML Response".
Is there any solution for this, or does Splunk not support encrypted SAML token?

0 Karma

SplunkTrust
SplunkTrust

Can you tell us which step in the image linked below that you're trying to encrypt?

https://images.app.goo.gl/HTSBFSyATeACqKrT8

0 Karma

Path Finder

Hi,
Accoring to our SAML specialists we are talking about the "token" in the SAML assertion, which looks lik step #4 from the diagram.

0 Karma

SplunkTrust
SplunkTrust

Ok and you are or are not already using HTTPS to make the assertion?

also what is your idp?

Also, are you just wanting to encrypt the assertion itself as discussed here?

https://www.componentspace.com/Forums/8819/Is-it-required-to-encrypted-the-Assertion-in-IDP-SSO-Resp...

0 Karma

Path Finder

Yes, we are using HTTPS.
We are using Azure AD.
And yes, we want to encrypt the assertion exactly like in that URL you've provided above.

0 Karma

SplunkTrust
SplunkTrust

Are you signing the auth request and it still isn't encrypting it?

0 Karma

Path Finder

Yes! The communication is HTTPS with certificates between the two systems but the token inside is not encrypted.

0 Karma