Security

SAML Failed to parse issuer

keen
Loves-to-Learn Lots

We are running Splunk enterprise 8.2.4 and it has been working fine with SSO authentication until I updated the SSL certificate, the certificate that was updated is the one referenced in my web.conf and my web browser show the new certificate however it broke SSO

Please note the updated certificate is also used in authentication.conf by Saml (ClientCert) 

Error message below are seen on splunk _internal logs

ERROR UiSAML [66314 webui] - IDP failed to authenticate request. Status Message="" Status Code="Responder"

ERROR Saml [66314 webui] - Failed to parse issuer. Could not evaluate xpath expression /samlp:Response/samlp:Status/samlp:StatusMessage or no matching nodes found. No value found in SamlResponse for key=/samlp:Response/samlp:Status/samlp:StatusMessageCould not evaluate xpath expression /samlp:Response/samlp:Status/samlp:StatusDetail/Cause or no matching nodes found. No value found in SamlResponse for key=/samlp:Response/samlp:Status/samlp:StatusDetail/CauseCould not evaluate xpath expression //saml:Assertion/saml:Issuer or no matching nodes found. No value found in SamlResponse for key=//saml:Assertion/saml:Issuer

How can I fix the problem please?

Labels (3)
0 Karma
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Deprecation of Splunk Observability Kubernetes “Classic Navigator” UI starting ...

Access to Splunk Observability Kubernetes “Classic Navigator” UI will no longer be available starting January ...