SAML v2.0 support in Splunk

vRob · ‎09-23-2015

With the release of 6.3.0 Splunk supports natively supports SAML 2.0

I've got some questions about some sentences in the document 'About Single Sign-on using SAML'

First question:

it is stated: "Currently, PingIdentity is the only supported identity provider"

Does this mean that any other identity provider cannot be used in combination with Splunk, or does this mean that possible any SAML provider may work but is not tested nor certified by Splunk?

Second question:

In the same document: "Currently SSO with SAML is not supported for off-site configurations." how should this be read?
Does this mean that it is just not supported/possible to use with Splunk Cloud? How about a Splunk Enterprise setup hosted in some public cloud? Aws/Azure etc? Would it be supported there?

Thanks!

esix_splunk · ‎11-11-2015

PingIdentity is the only SAML provider supported in Splunk Cloud at this moment. As we move forward, OKTA, ADFS and a few other providers are going to be added to the out of the box supported list.

That being said, its based on OpenSAML and if your SAML implementation supports the required options, you should be able to integrate it into on premises Splunk.

tshen_splunk · ‎11-11-2015

Hi vRob,

Answer 1: Yes, only PingIdentity is supported, will not work with any other one.
Answer 2: Splunk Enterprise is supported no matter where you host your splunk.

Thanks,
Tim

zhaokun · ‎09-26-2017

I want write an IDP to connection Splunk, but I don't dnow what is Splunk saml need.

tshen_splunk · ‎09-26-2017

Hi Kun,

What do you mean by writing an IDP? Implementing one?
Please refer to this doc about the IDP that Splunk supports in latest release, http://docs.splunk.com/Documentation/Splunk/7.0.0/Security/HowSAMLSSOworks.

Thanks,
Tim

zhaokun · ‎09-26-2017

How I write a IDP to connection Splunk SAML?