Security

Verification of SAML assertion using cert failed

splunkgk
Path Finder

I have configured SAML SSO with OneLogin. My Splunk app http://:8000/ is redirecting successfully to the Assertion consumer URL, but I am getting an error message on the Splunk login page which does not allow me to log in with OneLogin credentials:

"Verification of SAML assertion using the IDP's certificate provided failed. Error: Failed to verify signature with cert :/opt/splunk/etc/auth/idpCerts/idpCert.pem;"

I have copied IdPCert.pem to the required path /etc/auth/IdPCerts/

Does anyone know how I fix this?

-Thanks

0 Karma

worshamn
Contributor

I have had this issue where one of the certs had expired. In $SPLUNK_HOME/etc/auth/idpCerts, Splunk creates a folder called idpCertChain_1 where it breaks apart the cert you pasted (IdP certificate chains--these are the signing certs from your SSO provider--this can often be found in a metadata file from the provider or sometimes they just outright have a way for you to download it) from the setup into various certs and calls them cert_1.pem, cert_2.pem, ... etc. cert_1.pem is the root CA, cert_2.pem would be an issuing CA if applicable--if not, it would be the main cert from the IdP (fancy name for single sign-on provider). You can check the certs out using $SPLUNK_HOME/bin/splunk cmd openssl x509 -noout -text -in cert_1.pem to see when it expires; adding -enddate will print that line last, like so:

$SPLUNK_HOME/bin/splunk cmd openssl x509 -noout -text -in $SPLUNK_HOME/etc/auth/idpCerts/idpCertChain_1/cert_1.pem -enddate

Updating the cert with one that was not expired fixed the issue in my case.

0 Karma
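The expiry check from the answer above, applied to every cert_N.pem in the chain directory and extended to warn about certificates that are close to expiring. This is an added example, not part of the original thread or Splunk's own tooling. OPENSSL_CMD, WARN_DAYS and check_idp_chain are illustrative names introduced here.

```sh
#!/bin/sh
# Added example, not from the thread. OPENSSL_CMD and WARN_DAYS are
# illustrative variables, not Splunk settings. On a Splunk host, set
#   OPENSSL_CMD="$SPLUNK_HOME/bin/splunk cmd openssl"
# to use the bundled openssl (assumes SPLUNK_HOME contains no spaces).
OPENSSL_CMD="${OPENSSL_CMD:-openssl}"
WARN_DAYS="${WARN_DAYS:-30}"

# check_idp_chain DIR
# Prints "STATUS file | subject | notAfter" for each cert_N.pem in DIR.
# Returns 0 if all are valid, 1 if any expires within WARN_DAYS days,
# 2 if any is expired or unreadable, or if DIR holds no cert_N.pem files.
check_idp_chain() {
    dir="$1"; rc=0; found=0
    for cert in "$dir"/cert_*.pem; do
        [ -e "$cert" ] || continue
        found=1
        if ! subject=$($OPENSSL_CMD x509 -noout -subject -in "$cert" 2>/dev/null); then
            echo "UNREADABLE $cert"
            rc=2
            continue
        fi
        end=$($OPENSSL_CMD x509 -noout -enddate -in "$cert")
        # -checkend N exits non-zero when the cert expires within N seconds.
        if ! $OPENSSL_CMD x509 -noout -checkend 0 -in "$cert" >/dev/null; then
            status=EXPIRED; rc=2
        elif ! $OPENSSL_CMD x509 -noout -checkend $((WARN_DAYS * 86400)) \
                -in "$cert" >/dev/null; then
            status=EXPIRING
            if [ "$rc" -lt 1 ]; then rc=1; fi
        else
            status=OK
        fi
        echo "$status $cert | $subject | $end"
    done
    if [ "$found" -eq 0 ]; then
        echo "NO_CERTS $dir"
        return 2
    fi
    return "$rc"
}

# Run against a directory only when one is passed on the command line, e.g.
#   sh check_idp_chain.sh "$SPLUNK_HOME/etc/auth/idpCerts/idpCertChain_1"
if [ "$#" -gt 0 ]; then
    check_idp_chain "$1"
fi
```

The exit code makes the script usable from a scheduled job, so an IdP signing cert that is about to expire is flagged before SAML logins start failing.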

raomu
Explorer

You need to generate the cert file information from OneLogin. Then paste the same cert information in the "IdP certificate chains" box under "Configure Splunk to use SAML".

0 Karma

stsamson005
Engager

How do you generate the cert file from OneLogin?

0 Karma

shwetas
Explorer

Hi All,

I would like to clarify: for SAML, do we have to bring up a separate instance for configuration, or will just an ADFS server and Splunk configured with SAML do?

I am totally confused by the documentation. Any help with respect to enabling SSO in Splunk will help.

Regards,
Shweta

0 Karma

suarezry
Builder

Please post your $SPLUNK_HOME/etc/system/local/authentication.conf

0 Karma

raomu
Explorer

I am facing the same issue and am wondering if you got this resolved. If yes, please share some tips.

0 Karma