Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Using Auth0 for SAML

ilyaresh
Path Finder
‎06-19-2019 07:17 PM

I've created this guide about Integrating Splunk with Auth0 for SAML authentication
http://isbyr.com/configure-splunk-sso-with-auth0-as-your-identity-provider

0 Karma
Reply

jawaharas
Motivator
‎06-21-2021 05:08 AM

@ilyaresh Thanks for the guide. I followed the steps. But, I am getting below error when I hit my Splunk instance URL. Can you please assist?

invalid_request: The SAML Request AssertionConsumerServiceURL is invalid: 'https://my-splunk-domain.com/saml/acs'

0 Karma
Reply

mattcosa
Explorer
‎08-11-2021 06:00 AM

@jawaharas I got a little further than you.

The Allowed Callback URLs in the auth0 application is where I configured the URI for our search head.

mattcosa_0-1628686590099.png

 

This URI should match the same URI of the FQDN specified in the Splunk SAML config page:

mattcosa_1-1628686745807.png


Let me know how you go.

I'm stuck at this point after authenticating.

 

mattcosa_2-1628686808718.png

 



Tags (2)
0 Karma
Reply

jawaharas
Motivator
‎08-13-2021 07:24 PM

@mattcosa 

Thanks for the response. I've managed to successfully authenticate Splunk using 'Auth0' a few weeks ago. Happy to share the config if required. 

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...