Security

SAML SSO w/Okta - "...response does not contain group information"

Explorer

Hi there, I've just followed the documentation/Splunk guide to set up Okta SSO with SAML, however when clicking on the Splunk link in Okta it shows the login animation as if normal and then lands on the Splunk web page page titled Account Status, with the message "Saml response does not contain group information".
I've set up groups in the SAML settings of my Splunk instance and also tried defining the "role" value in the Okta setup page for the app however still no luck.

Thanks

0 Karma
1 Solution

Explorer

So I managed to fix my own issue after some good tips from user jahshuah in the splunk group on slack. Basically I was using the "Splunk Enterprise" app for Okta, which does not allow you to set group information. I had to go to "Create app" in okta and create a generic SAML 2.0 app.
After doing this and then following the usual setup procedures, I finally had the group attribute statements field, which I set up with the name "role" and matches regex ".*"
Finally I just went into the SAML settings in splunk, added a group with the same name as the okta group my users are in and what a Christmas miracle, it works.
Hopefully that helps someone in future.
Cheers

View solution in original post

Explorer

So I managed to fix my own issue after some good tips from user jahshuah in the splunk group on slack. Basically I was using the "Splunk Enterprise" app for Okta, which does not allow you to set group information. I had to go to "Create app" in okta and create a generic SAML 2.0 app.
After doing this and then following the usual setup procedures, I finally had the group attribute statements field, which I set up with the name "role" and matches regex ".*"
Finally I just went into the SAML settings in splunk, added a group with the same name as the okta group my users are in and what a Christmas miracle, it works.
Hopefully that helps someone in future.
Cheers

View solution in original post

SplunkTrust
SplunkTrust

@danharvey If your problem is resolved, please accept the answer to help future readers.

---
If this reply helps you, an upvote would be appreciated.
0 Karma

Champion

Did you create corresponding authentication.conf file?

0 Karma

Explorer

No unfortunately I do not have access to the backend of our splunk instances at the moment, however I was able to fix the group information error and I didn't need to touch the auth file. I'll post it as an answer for future reference if anyone has the same issue. Cheers though

0 Karma