How to configure OKTA SAML2 authentication with Splunk?

Explorer

Support for OKTA SAML authentication was just announced with Splunk 6.4:
http://blogs.splunk.com/2016/04/05/splunk-enterprise-6-4/

Our team is very eager to get this implemented; however, we could not find documentation for this topic. Has anyone had success configuring OKTA SAML2 with Splunk Enterprise? Furthermore, have you been able to successfully pass roles from OKTA to Splunk?

Any help would be greatly appreciated.

Thanks!

Re: How to configure OKTA SAML2 authentication with Splunk?

Super Champion

Did you find the topics in the Securing Splunk Enterprise manual, starting with Configure single sign-on with SAML?

0 Karma

Re: How to configure OKTA SAML2 authentication with Splunk?

Path Finder

We're struggling with this as well since the Splunk documentation isn't complete for the OKTA IdP. I have a support case open, but here's what I've been able to do w/o support so far:

First, I believe the SSO URL should be /saml/acs

Under group attribute statements on OKTA, put http://schemas.microsoft.com/ws/2008/06/identity/claims/role and then your group filter. We named them all with role-splunk* in them and verified using SAML tracer that they're coming over.

Now I see this: No valid splunk role found in the local mapping or assertion. I verified the rolemap_saml configuration in authentication.conf.

Re: How to configure OKTA SAML2 authentication with Splunk?

Path Finder

We had to do one more thing to map the roles from OKTA. Under the Group Attribute Statements, we added

role, name format: unspecified, filter: starts with (name of our AD group to pass)

0 Karma

Re: How to configure OKTA SAML2 authentication with Splunk?

Explorer

Niemesrw, did you create your own Okta app or did you use the pre-built one in Okta? The one in the Okta docs does not seem to work right for me. Can you share your Okta config below?

thx in advance.

0 Karma

Re: How to configure OKTA SAML2 authentication with Splunk?

Explorer

We successfully implemented this by creating a custom app in Okta versus using the prebuilt one. If you'd like the how-to, let me know.

Thanks!

Re: How to configure OKTA SAML2 authentication with Splunk?

Explorer

I would love it! That would save me a lot of headaches. 🙂 Thanks in advance.

0 Karma

Re: How to configure OKTA SAML2 authentication with Splunk?

Explorer

These OKTA settings below seem to be working.

Single Sign On URL- https://splunkserver:port/saml/acs
Recipient URL- https://splunkserver:port/saml/acs
Destination URL- https://splunkserver:port/saml/acs
Audience Restriction- https://splunkserver:port
Default Relay State (blank)
Name ID Format- Unspecified
Response- Signed
Assertion Signature- Signed
Signature Algorithm- RSA_SHA256
Digest Algorithm- SHA256
Assertion Encryption- Unencrypted
SAML Single Logout- Disabled
authnContextClassRef- PasswordProtectedTransport
Honor Force Authentication- Yes
SAML Issuer ID- http://www.okta.com/${org.externalKey}

ATTRIBUTE STATEMENTS
Name: myMail
Name Format: Unspecified
Value: user.email

Name: myRealName
Name Format: Unspecified
Value: user.firstName

GROUP ATTRIBUTE STATEMENTS
Name: myRole
Name Format: Unspecified
Filter: Starts with:

==================================================
In Splunk, just copy the metadata into the field and apply. You then need to set the 3 attribute names to: myRole, myRealName, myMail

Also make sure to add the appropriate role name(s). It/they must match the group name from AD.

thx,
art

Re: How to configure OKTA SAML2 authentication with Splunk?

New Member

I got an error when logging into Splunk from the Okta portal: "No valid splunk role found in the local mapping or assertion." Any idea what this could be?

0 Karma
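
A way to narrow down the "No valid splunk role found in the local mapping or assertion" error discussed in this thread, as an added example that is not from any poster or from Splunk: it reads the role attribute out of an assertion captured with SAML tracer and compares the group values with a role map. The sample assertion, the role map and the function names are constructed for illustration, and exact string matching of group names is an assumption based on the "must match the group name" advice above.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample: attribute statement of an assertion, as copied from SAML tracer.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="myMail"><saml:AttributeValue>a.user@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="myRole">
      <saml:AttributeValue>role-splunk-admins</saml:AttributeValue>
      <saml:AttributeValue>role-splunk-users</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed role map: Splunk role -> IdP group names mapped to it.
ROLE_MAP = {"admin": ["role-splunk-admins"], "user": ["role-splunk-users"]}


def attribute_values(assertion_xml, name):
    """Return every AttributeValue under the Attribute whose Name equals `name`.
    Diagnostic only: no signature validation; feed it assertions you captured yourself."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iter("{%s}Attribute" % SAML_NS):
        if attr.get("Name") == name:
            for v in attr.findall("{%s}AttributeValue" % SAML_NS):
                values.append((v.text or "").strip())
    return values


def diagnose(assertion_xml, role_attr, role_map):
    """Explain why an assertion does or does not resolve to a Splunk role."""
    groups = attribute_values(assertion_xml, role_attr)
    if not groups:
        # The IdP sends the groups under a different attribute name than Splunk expects.
        return {"roles": [], "reason": "attribute-missing"}
    roles = sorted(r for r, mapped in role_map.items() if set(mapped) & set(groups))
    if roles:
        return {"roles": roles, "reason": "ok"}
    # Groups arrived, but none is mapped; check for a case-only difference.
    mapped_lower = {m.lower() for ms in role_map.values() for m in ms}
    near = any(g.lower() in mapped_lower for g in groups)
    return {"roles": [], "reason": "case-mismatch" if near else "no-group-mapped"}


if __name__ == "__main__":
    print(diagnose(SAMPLE_ASSERTION, "myRole", ROLE_MAP))
    print(diagnose(SAMPLE_ASSERTION, "role", ROLE_MAP))
```

An "attribute-missing" result points at the group attribute statement name on the Okta side or the role attribute name set in Splunk; the other two failure reasons point at the role map entries.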

Re: How to configure OKTA SAML2 authentication with Splunk?

New Member

A how-to please!

0 Karma