Security

SAML Failed to parse issuer

keen
Loves-to-Learn Lots

We are running Splunk enterprise 8.2.4 and it has been working fine with SSO authentication until I updated the SSL certificate, the certificate that was updated is the one referenced in my web.conf and my web browser show the new certificate however it broke SSO

Please note the updated certificate is also used in authentication.conf by Saml (ClientCert) 

Error message below are seen on splunk _internal logs

ERROR UiSAML [66314 webui] - IDP failed to authenticate request. Status Message="" Status Code="Responder"

ERROR Saml [66314 webui] - Failed to parse issuer. Could not evaluate xpath expression /samlp:Response/samlp:Status/samlp:StatusMessage or no matching nodes found. No value found in SamlResponse for key=/samlp:Response/samlp:Status/samlp:StatusMessageCould not evaluate xpath expression /samlp:Response/samlp:Status/samlp:StatusDetail/Cause or no matching nodes found. No value found in SamlResponse for key=/samlp:Response/samlp:Status/samlp:StatusDetail/CauseCould not evaluate xpath expression //saml:Assertion/saml:Issuer or no matching nodes found. No value found in SamlResponse for key=//saml:Assertion/saml:Issuer

How can I fix the problem please?

Labels (3)
0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...