Security

How to fix when Okta SAML authorization succeeds but returns to a Splunk 404 error?

anewell
Path Finder

We configured Splunk Enterprise 6.4.2 for SAML authentication following the latest documentation, and while the basic authentication & authorization succeeds, the SSO process then drops the user into a Splunk URI that is a 404 error:

https://splunkserver:8000/en-US/secret/endpoint/postResponse

404 Not Found 

Return to Splunk home page 
Page not found! 
View more information about your request (request ID = [snip]) in Search 

This page was linked to from https://[SSO.provider]/app/splunk/[token]/sso/saml. 

You are using [splunk]:8000, which is connected to splunkd @[snip] at https://127.0.0.1:8089 on Mon Aug 8 16:17:18 2016.  

How do I fix this?

0 Karma
1 Solution

anewell
Path Finder

This is resolved. Our Okta admin used the Splunk connector app found in Okta (the one with the big, obvious SPLUNK > logo on it.) That turns out to be a "community supported" app, and does not work with Splunk Enterprise 6.4.3. We created a generic SAML connector in Okta and it worked on the first try, returning the user to the proper Launcher dashboard.

View solution in original post

pgreer_splunk
Splunk Employee
Splunk Employee

FYI: There is a now 'howto' blog posting for configuring Splunk Cloud and Okta SAML integration. Part of that is doing just what you did - start from scratch instead of starting from the community app. 🙂

See it here

anewell
Path Finder

This is resolved. Our Okta admin used the Splunk connector app found in Okta (the one with the big, obvious SPLUNK > logo on it.) That turns out to be a "community supported" app, and does not work with Splunk Enterprise 6.4.3. We created a generic SAML connector in Okta and it worked on the first try, returning the user to the proper Launcher dashboard.

Get Updates on the Splunk Community!

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Greetings, Splunk Cloud Admins and Splunk enthusiasts! The Admin Configuration Service (ACS) team is excited ...

Tech Talk | One Log to Rule Them All

One log to rule them all: how you can centralize your troubleshooting with Splunk logs We know how important ...