With the release of 6.3.0, Splunk natively supports SAML 2.0.
I've got some questions about some sentences in the document 'About Single Sign-on using SAML'.
It is stated: "Currently, PingIdentity is the only supported identity provider"
Does this mean that any other identity provider cannot be used in combination with Splunk, or does this mean that possibly any SAML provider may work but is not tested or certified by Splunk?
In the same document: "Currently SSO with SAML is not supported for off-site configurations." How should this be read?
Does this mean that it is just not supported/possible to use with Splunk Cloud? How about a Splunk Enterprise setup hosted in some public cloud? AWS/Azure etc.? Would it be supported there?
PingIdentity is the only SAML provider supported in Splunk Cloud at this moment. As we move forward, Okta, ADFS and a few other providers are going to be added to the out-of-the-box supported list.
That being said, it's based on OpenSAML, and if your SAML implementation supports the required options, you should be able to integrate it into on-premises Splunk.
Answer 1: Yes, only PingIdentity is supported; it will not work with any other one.
Answer 2: Splunk Enterprise is supported no matter where you host your Splunk.
What do you mean by writing an IDP? Implementing one?
Please refer to this doc about the IDP that Splunk supports in the latest release: http://docs.splunk.com/Documentation/Splunk/7.0.0/Security/HowSAMLSSOworks