Security

SAML SSO w/Okta - "...response does not contain group information"

danharvey
Explorer

Hi there, I've just followed the documentation/Splunk guide to set up Okta SSO with SAML, however when clicking on the Splunk link in Okta it shows the login animation as if normal and then lands on the Splunk web page page titled Account Status, with the message "Saml response does not contain group information".
I've set up groups in the SAML settings of my Splunk instance and also tried defining the "role" value in the Okta setup page for the app however still no luck.

Thanks

0 Karma
1 Solution

danharvey
Explorer

So I managed to fix my own issue after some good tips from user jahshuah in the splunk group on slack. Basically I was using the "Splunk Enterprise" app for Okta, which does not allow you to set group information. I had to go to "Create app" in okta and create a generic SAML 2.0 app.
After doing this and then following the usual setup procedures, I finally had the group attribute statements field, which I set up with the name "role" and matches regex ".*"
Finally I just went into the SAML settings in splunk, added a group with the same name as the okta group my users are in and what a Christmas miracle, it works.
Hopefully that helps someone in future.
Cheers

View solution in original post

danharvey
Explorer

So I managed to fix my own issue after some good tips from user jahshuah in the splunk group on slack. Basically I was using the "Splunk Enterprise" app for Okta, which does not allow you to set group information. I had to go to "Create app" in okta and create a generic SAML 2.0 app.
After doing this and then following the usual setup procedures, I finally had the group attribute statements field, which I set up with the name "role" and matches regex ".*"
Finally I just went into the SAML settings in splunk, added a group with the same name as the okta group my users are in and what a Christmas miracle, it works.
Hopefully that helps someone in future.
Cheers

richgalloway
SplunkTrust
SplunkTrust

@danharvey If your problem is resolved, please accept the answer to help future readers.

---
If this reply helps you, Karma would be appreciated.
0 Karma

p_gurav
Champion

Did you create corresponding authentication.conf file?

0 Karma

danharvey
Explorer

No unfortunately I do not have access to the backend of our splunk instances at the moment, however I was able to fix the group information error and I didn't need to touch the auth file. I'll post it as an answer for future reference if anyone has the same issue. Cheers though

0 Karma
Get Updates on the Splunk Community!

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

 WATCH NOW Powering your capabilities has never been so easy with ready-made Splunk® SOAR Utility Apps. Parse ...

DevSecOps: Why You Should Care and How To Get Started

 WATCH NOW In this Tech Talk we will talk about what people mean by DevSecOps and deep dive into the different ...

Introducing Ingest Actions: Filter, Mask, Route, Repeat

WATCH NOW Ingest Actions (IA) is the best new way to easily filter, mask and route your data in Splunk® ...