Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Admin Other
- :
- Security
- :
- SSO setup problems
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi all,
we are trying to get SSO working through the SAML authentication method but are running into errors that we cant diagnose.
the most common error on login is the following in the splunkd logs.
01-24-2019 16:59:00.303 +0100 ERROR UserManagerPro - user="nobody" had no roles
01-24-2019 16:58:47.196 +0100 ERROR UiSAML - IDP failed to authenticate request. Status Code="Responder"
01-24-2019 16:58:47.196 +0100 ERROR UiSAML - IDP failed to authenticate request. Status Message="" Status Code="Responder"
01-24-2019 16:58:47.196 +0100 ERROR Saml - No extra status code found in SamlResponse, Not a valid status. Could not evaluate xpath expression /samlp:Response/samlp:Status/samlp:StatusMessage or no matching nodes foundNo value found in SamlResponse for key=/samlp:Response/samlp:Status/samlp:StatusMessageCould not evaluate xpath expression /samlp:Response/samlp:Status/samlp:StatusDetail/Cause or no matching nodes foundNo value found in SamlResponse for key=/samlp:Response/samlp:Status/samlp:StatusDetail/Cause
From with the domain it seems to work fine, but externally we get the above.
Any tips to steer us in the right direction would be much apprectiated.
Kind regards
Simon
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Thanks for the help.
I am going to close the ticket as i discovered what the problem was. The setup on the AD side was done by the client IT and a few steps were missed whereby the profiles were not linked to accounts.
Splunk was then getting empty user details and hence the errors.
thanks for looking.
regards
Simon
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you please let me know what was missing on the ADFS side?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Thanks for the help.
I am going to close the ticket as i discovered what the problem was. The setup on the AD side was done by the client IT and a few steps were missed whereby the profiles were not linked to accounts.
Splunk was then getting empty user details and hence the errors.
thanks for looking.
regards
Simon
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Looks like a certificate error between IDP and Splunk to me. Not really enough info to determine for sure.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...
SplunkTrust Application Period is Officially OPEN!
Announcing Modern Navigation: A New Era of Splunk User Experience
