Hello All,
We are unable to integrate Splunk 6.5.2 with Deepnet 2FA using SAML. When I access the Splunk login page, it is perfectly redirected to the IdP login page; then, after I provide the user credentials, this error page gets displayed. The error says: "The saml response does not contain group information."
Authentication.conf
[authentication]
authSettings = saml
authType = SAML
[roleMap_SAML]
admin = deepnetgroup;
[saml]
entityId = splunkEntityId
fqdn = http://rhel7
idpCertPath = /opt/splunk/etc/auth/SSOServer.crt
idpSLOUrl = https://dualshield.wipro.com:8074/appsso/logout?DASApplicationName=Splunk WebSSO
idpSSOUrl = https://dualshield.wipro.com:8074/appsso/login?DASApplicationName=Splunk WebSSO
redirectPort = 8000
signAuthnRequest = true
signatureAlgorithm = RSA-SHA1
signedAssertion = true
sloBinding = HTTPRedirect
clientCert = /opt/splunk/etc/auth/server.pem
sslPassword = $1$3umknA8lnEHb
ssoBinding = HTTPRedirect
Hi All,
I contacted Deepnet support (Vendor). They assisted us with this.
Please share the resolution.
Hi Rich,
Deepnet has published the full integration steps on their wiki page:
http://wiki.deepnetsecurity.com/pages/viewpage.action?pageId=2818969
Use this browser tool to trace your SAML response:
https://addons.mozilla.org/en-US/firefox/addon/saml-tracer/
Did your IdP include the role information in the response?
(...and your role name 'deepnetgroup;' includes a semicolon. Is this by design?)
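The check suggested above (does the response carry role information, and does it match the roleMap_SAML entry?) can be run offline against a response copied out of SAML-tracer. This is an added example, not part of the original posts and not Splunk or Deepnet code. It assumes the groups arrive in an attribute named "role" and that roleMap_SAML values are semicolon-separated group lists; the function names and both sample responses are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
_HEAD = (b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
         b'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>')
_TAIL = b"</saml:Assertion></samlp:Response>"

# Constructed samples (not captured from the poster's IdP).
SAMPLE_WITH_ROLE = base64.b64encode(
    _HEAD + b'<saml:AttributeStatement><saml:Attribute Name="role">'
    b"<saml:AttributeValue>deepnetgroup</saml:AttributeValue>"
    b"</saml:Attribute></saml:AttributeStatement>" + _TAIL).decode()
SAMPLE_NO_ROLE = base64.b64encode(_HEAD + _TAIL).decode()


def groups_in_response(b64_response, attr_name="role"):
    """Return the values of the group attribute found in a base64 SAMLResponse.

    Diagnostic only: the signature is NOT verified, so never use this to
    make an authentication decision. attr_name="role" is an assumption.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    values = []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == attr_name:
            values += [(v.text or "").strip()
                       for v in attr.iterfind("saml:AttributeValue", NS)]
    return values


def parse_role_map(lines):
    """Parse 'splunk_role = group1;group2' lines; empty segments are dropped."""
    role_map = {}
    for line in lines:
        role, _, groups = line.partition("=")
        role_map[role.strip()] = [g.strip() for g in groups.split(";") if g.strip()]
    return role_map


def mapped_roles(b64_response, role_map):
    """Splunk roles whose mapped groups appear in the response."""
    groups = set(groups_in_response(b64_response))
    return sorted(r for r, gs in role_map.items() if groups & set(gs))


if __name__ == "__main__":
    role_map = parse_role_map(["admin = deepnetgroup;"])  # line from the post
    for name, resp in (("with role", SAMPLE_WITH_ROLE), ("no role", SAMPLE_NO_ROLE)):
        print(name, groups_in_response(resp), mapped_roles(resp, role_map))
```

An empty list from groups_in_response corresponds to the condition in the reported error: the IdP sent no group attribute under the expected name.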