Security

SSO setup problems

srichansen
Path Finder

Hi all,

we are trying to get SSO working through the SAML authentication method but are running into errors that we cant diagnose.

the most common error on login is the following in the splunkd logs.

01-24-2019 16:59:00.303 +0100 ERROR UserManagerPro - user="nobody" had no roles

01-24-2019 16:58:47.196 +0100 ERROR UiSAML - IDP failed to authenticate request. Status Code="Responder"

01-24-2019 16:58:47.196 +0100 ERROR UiSAML - IDP failed to authenticate request. Status Message="" Status Code="Responder"

   01-24-2019 16:58:47.196 +0100 ERROR Saml - No extra status code found in SamlResponse, Not a valid status. Could not evaluate xpath expression /samlp:Response/samlp:Status/samlp:StatusMessage or no matching nodes foundNo value found in SamlResponse for key=/samlp:Response/samlp:Status/samlp:StatusMessageCould not evaluate xpath expression /samlp:Response/samlp:Status/samlp:StatusDetail/Cause or no matching nodes foundNo value found in SamlResponse for key=/samlp:Response/samlp:Status/samlp:StatusDetail/Cause

From with the domain it seems to work fine, but externally we get the above.

Any tips to steer us in the right direction would be much apprectiated.

Kind regards
Simon

0 Karma
1 Solution

srichansen
Path Finder

Hi,

Thanks for the help.
I am going to close the ticket as i discovered what the problem was. The setup on the AD side was done by the client IT and a few steps were missed whereby the profiles were not linked to accounts.

Splunk was then getting empty user details and hence the errors.

thanks for looking.
regards
Simon

View solution in original post

0 Karma

rajasekhar14
Path Finder

Can you please let me know what was missing on the ADFS side?

0 Karma

srichansen
Path Finder

Hi,

Thanks for the help.
I am going to close the ticket as i discovered what the problem was. The setup on the AD side was done by the client IT and a few steps were missed whereby the profiles were not linked to accounts.

Splunk was then getting empty user details and hence the errors.

thanks for looking.
regards
Simon

0 Karma

mydog8it
Builder

Looks like a certificate error between IDP and Splunk to me. Not really enough info to determine for sure.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...