Security

No valid splunk role found in local mapping? (AD FS, SAML, SSO)

michaelba
Explorer

Splunk,

After completing Active Directory Federation Services (ADFS), our role mappings are not recognized. What are we overlooking?

alt text

Here’s the authentication.conf, the role mapping is declared at the bottom:
alt text

In AD FS, the relying part transformation rules are:

The NameId claim transformation:

c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient");

The Role and realName claim:

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> issue(store = "Active Directory", types = ("http://schemas.microsoft.com/ws/2008/06/identity/claims/role", "realName"), query = ";tokenGroups,displayName;{0}", param = c.Value);
0 Karma
1 Solution

michaelba
Explorer

We found the issue:

  1. In Active Directory, the group splunkadmin needs to be a Global group type.
  2. Logoff the machine and log back so the user's profile could be refreshed with the new group enrollment.

View solution in original post

michaelba
Explorer

We found the issue:

  1. In Active Directory, the group splunkadmin needs to be a Global group type.
  2. Logoff the machine and log back so the user's profile could be refreshed with the new group enrollment.

richgalloway
SplunkTrust
SplunkTrust

If your problem is resolved, please accept the answer.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...