Security

Splunk SAML Assertion X509Certificate

maffreitas
Path Finder

Hi all,

Do you know the procedure to change the SAML Assertion X509Certificate (= server.pem) for a certificate signed by a third-party?

Regards.

0 Karma
1 Solution

suarezry
Builder

I'm not sure if you're referring to changing the certificate of your Identity Provider or your Splunk Service Provider. Take a look at the authentication.conf spec.

The settings you're looking for are idpCertPath, clientCert, and caCertFile.

View solution in original post

0 Karma

suarezry
Builder

I'm not sure if you're referring to changing the certificate of your Identity Provider or your Splunk Service Provider. Take a look at the authentication.conf spec.

The settings you're looking for are idpCertPath, clientCert, and caCertFile.

0 Karma

maffreitas
Path Finder

Thanks @suarezry, the question is regarding the Splunk Service Provider (SPmetadata.xml).

0 Karma

suarezry
Builder

Great, once you change the settings in your authentication.conf you'll have to restart your Splunk instance or reload the authentication config. Then you'll need to regenerate your SPmetadata.xml and confirm that XML has the new certs. Then you'll need to pass this to your IdP.

Let me know if you have any further questions. If not, please accept this answer.

0 Karma
Get Updates on the Splunk Community!

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...