Security

SAML SSO w/Okta - "...response does not contain group information"

danharvey
Explorer

Hi there, I've just followed the documentation/Splunk guide to set up Okta SSO with SAML, however when clicking on the Splunk link in Okta it shows the login animation as if normal and then lands on the Splunk web page page titled Account Status, with the message "Saml response does not contain group information".
I've set up groups in the SAML settings of my Splunk instance and also tried defining the "role" value in the Okta setup page for the app however still no luck.

Thanks

0 Karma
1 Solution

danharvey
Explorer

So I managed to fix my own issue after some good tips from user jahshuah in the splunk group on slack. Basically I was using the "Splunk Enterprise" app for Okta, which does not allow you to set group information. I had to go to "Create app" in okta and create a generic SAML 2.0 app.
After doing this and then following the usual setup procedures, I finally had the group attribute statements field, which I set up with the name "role" and matches regex ".*"
Finally I just went into the SAML settings in splunk, added a group with the same name as the okta group my users are in and what a Christmas miracle, it works.
Hopefully that helps someone in future.
Cheers

View solution in original post

danharvey
Explorer

So I managed to fix my own issue after some good tips from user jahshuah in the splunk group on slack. Basically I was using the "Splunk Enterprise" app for Okta, which does not allow you to set group information. I had to go to "Create app" in okta and create a generic SAML 2.0 app.
After doing this and then following the usual setup procedures, I finally had the group attribute statements field, which I set up with the name "role" and matches regex ".*"
Finally I just went into the SAML settings in splunk, added a group with the same name as the okta group my users are in and what a Christmas miracle, it works.
Hopefully that helps someone in future.
Cheers

richgalloway
SplunkTrust
SplunkTrust

@danharvey If your problem is resolved, please accept the answer to help future readers.

---
If this reply helps you, Karma would be appreciated.
0 Karma

p_gurav
Champion

Did you create corresponding authentication.conf file?

0 Karma

danharvey
Explorer

No unfortunately I do not have access to the backend of our splunk instances at the moment, however I was able to fix the group information error and I didn't need to touch the auth file. I'll post it as an answer for future reference if anyone has the same issue. Cheers though

0 Karma
Get Updates on the Splunk Community!

Exporting Splunk Apps

Join us on Monday, October 21 at 11 am PT | 2 pm ET!With the app export functionality, app developers and ...

Cisco Use Cases, ITSI Best Practices, and More New Articles from Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Build Your First SPL2 App!

Watch the recording now!.Do you want to SPL™, too? SPL2, Splunk's next-generation data search and preparation ...