Security

SAML SSO w/Okta - "...response does not contain group information"

danharvey
Explorer

Hi there, I've just followed the documentation/Splunk guide to set up Okta SSO with SAML, however when clicking on the Splunk link in Okta it shows the login animation as if normal and then lands on the Splunk web page page titled Account Status, with the message "Saml response does not contain group information".
I've set up groups in the SAML settings of my Splunk instance and also tried defining the "role" value in the Okta setup page for the app however still no luck.

Thanks

0 Karma
1 Solution

danharvey
Explorer

So I managed to fix my own issue after some good tips from user jahshuah in the splunk group on slack. Basically I was using the "Splunk Enterprise" app for Okta, which does not allow you to set group information. I had to go to "Create app" in okta and create a generic SAML 2.0 app.
After doing this and then following the usual setup procedures, I finally had the group attribute statements field, which I set up with the name "role" and matches regex ".*"
Finally I just went into the SAML settings in splunk, added a group with the same name as the okta group my users are in and what a Christmas miracle, it works.
Hopefully that helps someone in future.
Cheers

View solution in original post

danharvey
Explorer

So I managed to fix my own issue after some good tips from user jahshuah in the splunk group on slack. Basically I was using the "Splunk Enterprise" app for Okta, which does not allow you to set group information. I had to go to "Create app" in okta and create a generic SAML 2.0 app.
After doing this and then following the usual setup procedures, I finally had the group attribute statements field, which I set up with the name "role" and matches regex ".*"
Finally I just went into the SAML settings in splunk, added a group with the same name as the okta group my users are in and what a Christmas miracle, it works.
Hopefully that helps someone in future.
Cheers

richgalloway
SplunkTrust
SplunkTrust

@danharvey If your problem is resolved, please accept the answer to help future readers.

---
If this reply helps you, Karma would be appreciated.
0 Karma

p_gurav
Champion

Did you create corresponding authentication.conf file?

0 Karma

danharvey
Explorer

No unfortunately I do not have access to the backend of our splunk instances at the moment, however I was able to fix the group information error and I didn't need to touch the auth file. I'll post it as an answer for future reference if anyone has the same issue. Cheers though

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...