Security

SAML response from ADFS

llopreiato
Engager

Hi all,

we are trying to configure Splunk on premise (7.3.6) to work with SAML and ADFS but we are stuck with some errors:

with signedAssertion = false we see in internal logs:

 

ERROR Saml - Failed to parse issuer. Could not evaluate xpath expression //saml:Assertion/saml:Issuer or no matching nodes found. No value found in SamlResponse for key=//saml:Assertion/saml:Issuer

 

with signedAssertion = true

 

ERROR UiSAML - Verification of SAML assertion using the IDP's certificate provided failed. Error: start node xmlSecNodeSignature not found in document

 

 

Any suggestions?

Labels (2)
0 Karma
1 Solution

llopreiato
Engager

We solved our problem by following Splunk support suggestion to remove encryption from ADFS as specified in chapter 13 of this guide:

https://www.splunk.com/en_us/blog/tips-and-tricks/configuring-microsofts-adfs-splunk-cloud.html

View solution in original post

0 Karma

llopreiato
Engager

We solved our problem by following Splunk support suggestion to remove encryption from ADFS as specified in chapter 13 of this guide:

https://www.splunk.com/en_us/blog/tips-and-tricks/configuring-microsofts-adfs-splunk-cloud.html

View solution in original post

0 Karma