Hey All,
I'm setting up SAML authentication in our new Splunk Cloud environment and everything appears to be working with our on-prem home grown identity provider as I'm getting to our authentication source and logging in successfully. However after I do I get presented with the Splunk Cloud terms of service page and appear to get stuck in a loop when I press "Accept" and "Ok", it just takes me back to the same page.
Has anyone run into this with Splunk Cloud and if so how have you been able to fix it?
Thanks!
There is nothing worse than a SOLVED question with no public solution.
So here's the likely solution: When sending RelayState back to the sP (Splunk), it must be changed to the base64 form of something like return_to=/en-US/&username=USERNAME&accepted_tos=1 and sent along with the base64 encoded SAMLResponse from the idP.
Can you log in to Splunk Cloud using splunk auth? If so, take a look at the user account that should be created when the SAML user authenticates. Does the SAML account look correct?
They broke all of their domains last week but it is supposed to be fixed now.
Thanks for the info, unfortunately looks like that wasn't my issue since I'm still hitting the TOC page.
You should open a support case.