Security

SAML SSO w/Okta - "...response does not contain group information"

danharvey
Explorer

Hi there, I've just followed the documentation/Splunk guide to set up Okta SSO with SAML, however when clicking on the Splunk link in Okta it shows the login animation as if normal and then lands on the Splunk web page page titled Account Status, with the message "Saml response does not contain group information".
I've set up groups in the SAML settings of my Splunk instance and also tried defining the "role" value in the Okta setup page for the app however still no luck.

Thanks

0 Karma
1 Solution

danharvey
Explorer

So I managed to fix my own issue after some good tips from user jahshuah in the splunk group on slack. Basically I was using the "Splunk Enterprise" app for Okta, which does not allow you to set group information. I had to go to "Create app" in okta and create a generic SAML 2.0 app.
After doing this and then following the usual setup procedures, I finally had the group attribute statements field, which I set up with the name "role" and matches regex ".*"
Finally I just went into the SAML settings in splunk, added a group with the same name as the okta group my users are in and what a Christmas miracle, it works.
Hopefully that helps someone in future.
Cheers

View solution in original post

danharvey
Explorer

So I managed to fix my own issue after some good tips from user jahshuah in the splunk group on slack. Basically I was using the "Splunk Enterprise" app for Okta, which does not allow you to set group information. I had to go to "Create app" in okta and create a generic SAML 2.0 app.
After doing this and then following the usual setup procedures, I finally had the group attribute statements field, which I set up with the name "role" and matches regex ".*"
Finally I just went into the SAML settings in splunk, added a group with the same name as the okta group my users are in and what a Christmas miracle, it works.
Hopefully that helps someone in future.
Cheers

richgalloway
SplunkTrust
SplunkTrust

@danharvey If your problem is resolved, please accept the answer to help future readers.

---
If this reply helps you, Karma would be appreciated.
0 Karma

p_gurav
Champion

Did you create corresponding authentication.conf file?

0 Karma

danharvey
Explorer

No unfortunately I do not have access to the backend of our splunk instances at the moment, however I was able to fix the group information error and I didn't need to touch the auth file. I'll post it as an answer for future reference if anyone has the same issue. Cheers though

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...