Solved: Splunk SAML Assertion X509Certificate

maffreitas · ‎11-24-2017

Hi all,

Do you know the procedure to change the SAML Assertion X509Certificate (= server.pem) for a certificate signed by a third-party?

Regards.

suarezry · ‎11-24-2017

I'm not sure if you're referring to changing the certificate of your Identity Provider or your Splunk Service Provider. Take a look at the authentication.conf spec.

The settings you're looking for are idpCertPath, clientCert, and caCertFile.

View solution in original post

suarezry · ‎11-24-2017

I'm not sure if you're referring to changing the certificate of your Identity Provider or your Splunk Service Provider. Take a look at the authentication.conf spec.

The settings you're looking for are idpCertPath, clientCert, and caCertFile.

maffreitas · ‎11-24-2017

Thanks @suarezry, the question is regarding the Splunk Service Provider (SPmetadata.xml).

suarezry · ‎11-24-2017

Great, once you change the settings in your authentication.conf you'll have to restart your Splunk instance or reload the authentication config. Then you'll need to regenerate your SPmetadata.xml and confirm that XML has the new certs. Then you'll need to pass this to your IdP.

Let me know if you have any further questions. If not, please accept this answer.

Splunk SAML Assertion X509Certificate

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation