Solved: No valid splunk role found in local mapping? (AD F...

michaelba · ‎02-03-2017

Splunk,

After completing Active Directory Federation Services (ADFS), our role mappings are not recognized. What are we overlooking?

Here’s the authentication.conf, the role mapping is declared at the bottom:

In AD FS, the relying part transformation rules are:

The NameId claim transformation:

c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient");

The Role and realName claim:

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> issue(store = "Active Directory", types = ("http://schemas.microsoft.com/ws/2008/06/identity/claims/role", "realName"), query = ";tokenGroups,displayName;{0}", param = c.Value);

michaelba · ‎02-05-2017

We found the issue:

In Active Directory, the group splunkadmin needs to be a Global group type.
Logoff the machine and log back so the user's profile could be refreshed with the new group enrollment.

View solution in original post

michaelba · ‎02-05-2017

We found the issue:

In Active Directory, the group splunkadmin needs to be a Global group type.
Logoff the machine and log back so the user's profile could be refreshed with the new group enrollment.

richgalloway · ‎02-05-2017

If your problem is resolved, please accept the answer.

---
If this reply helps you, Karma would be appreciated.

No valid splunk role found in local mapping? (AD FS, SAML, SSO)

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM