SAML SSO on Splunkv8.2.4

shangshin · ‎02-10-2022

Hello,

Any changes happened on SAML SSO configuration in the new Splunk v8.2.4 ?

We have an IdP configured to use SSO and it is working in the Splunk v8.1.1. We recently upgraded to v8.2.4 we copied the same authentication.conf from v8.1.1. Seeing the below error in the Splunkd.log

relaystate is empty

RelayState may be missing due to IDP-intiated SAML workflow.

User=<user>@<DOMAIN1.DOMAIN.COM> domain= does not match default domain. Contact your syste administrator for more information about the default domain=saml for this system

Any idea how to fix this error?

VatsalJagani · ‎02-10-2022

Have you upgraded or copied the authentication.conf to a new instance?

If you copied to a new instance you have to make sure you write all passwords in clear text and restart Splunk.

Also, if this is a new system check from the SAML side that nothing is blocking due to filters.

shangshin · ‎02-14-2022

We got the saml sso working on v8.1.1 and when we migrated to v8.2.4 it works fine.

However, on the fresh install of v8.2.4 we are getting the same error. I tried rrestarting by eplacing the sslpassword with cleartext, It is not fixing the issue. Still the same errot

VatsalJagani · ‎02-14-2022

Please check with Splunk support once.

SAML SSO on Splunkv8.2.4

SAML

Join Us for Splunk University and Get Your Bootcamp Game On!

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio