Security

SAML SSO on Splunkv8.2.4

shangshin
Contributor

Hello,

Any changes happened on SAML SSO configuration in the new Splunk v8.2.4 ?

We have an IdP configured to use SSO and it is working in the Splunk v8.1.1. We recently upgraded to v8.2.4 we copied the same authentication.conf from v8.1.1.  Seeing the below error in the Splunkd.log

 

relaystate is empty

RelayState may be missing due to IDP-intiated SAML workflow.

User=<user>@<DOMAIN1.DOMAIN.COM> domain= does not match default domain. Contact your syste administrator for more information about the default domain=saml for this system

 

Any idea how to fix this error?

 

 

Labels (1)
0 Karma

VatsalJagani
Champion

Have you upgraded or copied the authentication.conf to a new instance?

If you copied to a new instance you have to make sure you write all passwords in clear text and restart Splunk.

Also, if this is a new system check from the SAML side that nothing is blocking due to filters.

0 Karma

shangshin
Contributor

We got the saml sso working on v8.1.1 and when we migrated to v8.2.4 it works fine.

However,  on the fresh install of v8.2.4 we are getting the same error. I tried rrestarting by eplacing the sslpassword with cleartext, It is not fixing the issue. Still the same errot

0 Karma

VatsalJagani
Champion

Please check with Splunk support once.

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...