Google Apps somewhat recently extended their SAML support [1] to allow for custom SAML integrations [2].
I attempted to configure Splunk Enterprise 6.3.1 to act as a SAMLv2 Service Provider using Splunk Web, but ran into some problems that appear to be Splunk bugs, and then determined that I most likely could not complete the configuration due to limitations within Splunk.
I initially attempted to import an IDP metadata file from Google, which failed with the message:
"Unable to parse the payload received as a part if idp metadata file or xml."
I then tried to import the same XML by pasting it into the text box - same result. (Note: I did validate the XML elsewhere and it passed.)
Then I tried entering the required values into the web form, but noticed that the web form appeared to be requiring the Attribute Query URL, even though it is indicated as optional, and as far as I know there is no relevant Attribute Query URL for Google Apps as an IDP.
Beyond this, on the Google side, Google requires that you provide an SP ACS URL and an SP Entity Id. I could not determine how I could derive these values from my Splunk instance.
I've also seen a few mentions in the Splunk documentation that indicate that full support for SAML is really only intended for Okta and PingIdentity.
My question is therefore whether there are any plans to support additional IDPs, and specifically Google Apps.
There are a lot of questions about SAML and SSO right here... couldn't any Splunk staff write some really useful documentation about this? They're making us waste a lot of time due to the missing information.