Security

SSO setup problems

Path Finder

Hi all,

we are trying to get SSO working through the SAML authentication method but are running into errors that we cant diagnose.

the most common error on login is the following in the splunkd logs.

01-24-2019 16:59:00.303 +0100 ERROR UserManagerPro - user="nobody" had no roles

01-24-2019 16:58:47.196 +0100 ERROR UiSAML - IDP failed to authenticate request. Status Code="Responder"

01-24-2019 16:58:47.196 +0100 ERROR UiSAML - IDP failed to authenticate request. Status Message="" Status Code="Responder"

   01-24-2019 16:58:47.196 +0100 ERROR Saml - No extra status code found in SamlResponse, Not a valid status. Could not evaluate xpath expression /samlp:Response/samlp:Status/samlp:StatusMessage or no matching nodes foundNo value found in SamlResponse for key=/samlp:Response/samlp:Status/samlp:StatusMessageCould not evaluate xpath expression /samlp:Response/samlp:Status/samlp:StatusDetail/Cause or no matching nodes foundNo value found in SamlResponse for key=/samlp:Response/samlp:Status/samlp:StatusDetail/Cause

From with the domain it seems to work fine, but externally we get the above.

Any tips to steer us in the right direction would be much apprectiated.

Kind regards
Simon

0 Karma
1 Solution

Path Finder

Hi,

Thanks for the help.
I am going to close the ticket as i discovered what the problem was. The setup on the AD side was done by the client IT and a few steps were missed whereby the profiles were not linked to accounts.

Splunk was then getting empty user details and hence the errors.

thanks for looking.
regards
Simon

View solution in original post

0 Karma

Path Finder

Can you please let me know what was missing on the ADFS side?

0 Karma

Path Finder

Hi,

Thanks for the help.
I am going to close the ticket as i discovered what the problem was. The setup on the AD side was done by the client IT and a few steps were missed whereby the profiles were not linked to accounts.

Splunk was then getting empty user details and hence the errors.

thanks for looking.
regards
Simon

View solution in original post

0 Karma

Builder

Looks like a certificate error between IDP and Splunk to me. Not really enough info to determine for sure.

0 Karma