I have configured SAML SSO with OneLogin. My Splunk app http://:8000/ is redirecting successfully to the Assertion Consumer URL, but I am getting an error message on the Splunk login page which does not allow me to log in with OneLogin credentials:
"Verification of SAML assertion using the IDP's certificate provided failed. Error: Failed to verify signature with cert :/opt/splunk/etc/auth/idpCerts/idpCert.pem;"
I have copied IdPCert.pem to the required path /etc/auth/IdPCerts/
Does anyone know how I can fix this?
You need to generate the cert file information from OneLogin. Then paste the same cert information into the "IdP certificate chains" box under "Configure Splunk to use SAML".
I would like to clarify: for SAML, do we have to bring up a separate instance for configuration, or will just an ADFS server and Splunk configured with SAML do?
I am totally confused by the documentation. Any help with respect to enabling SSO in Splunk will help.
I have had this issue where one of the certs had expired. In $SPLUNK_HOME/etc/auth/idpCerts, Splunk creates a folder called idpCertChain_1 where it breaks apart the cert you pasted from the setup (IdP certificate chains: these are the signing certs from your SSO provider; this can often be found in a metadata file from the provider, or sometimes they just outright have a way for you to download it) into various certs and calls them cert_1.pem, cert_2.pem, ... etc. cert_1.pem is the root CA; cert_2.pem would be an issuing CA if applicable, and if not, it would be the main cert from the IdP (fancy name for single sign-on provider). You can check the certs out using $SPLUNK_HOME/bin/splunk cmd openssl x509 -noout -text -in cert_1.pem to see when it expires; adding -enddate will print that line last, like so:
$SPLUNK_HOME/bin/splunk cmd openssl x509 -noout -text -in $SPLUNK_HOME/etc/auth/idpCerts/idpCertChain_1/cert_1.pem -enddate
Updating the cert with one that was not expired fixed the issue in my case.
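The expiry check from the answer above, extended to every file in the chain directory, as an added example that is not part of the original thread or of Splunk's tooling. The function name `check_idp_chain` and the `OPENSSL` override variable are assumptions made for this sketch; the directory to pass is the idpCertChain_1 folder mentioned in the answer.

```shell
#!/bin/sh
# Added example: report the expiry of every PEM file in an IdP cert chain directory.
# OPENSSL is an assumed override hook; on a Splunk host it can be set to
#   OPENSSL="$SPLUNK_HOME/bin/splunk cmd openssl"
OPENSSL="${OPENSSL:-openssl}"

# check_idp_chain DIR [DAYS]
# Returns 0 if every cert stays valid for at least DAYS more days (default 0),
#         1 if any cert is expired, expiring within DAYS, or not parsable,
#         2 if DIR contains no .pem files at all.
check_idp_chain() {
    dir=$1
    days=${2:-0}
    window=$((days * 86400))   # -checkend takes seconds
    status=2
    for pem in "$dir"/*.pem; do
        [ -f "$pem" ] || continue
        if [ "$status" -eq 2 ]; then status=0; fi
        # A file that is not a PEM certificate makes openssl exit non-zero.
        if ! end=$($OPENSSL x509 -noout -enddate -in "$pem" 2>/dev/null); then
            echo "UNREADABLE  $pem"
            status=1
            continue
        fi
        subject=$($OPENSSL x509 -noout -subject -in "$pem" 2>/dev/null)
        # -checkend exits 0 only if the cert is still valid after $window seconds.
        if $OPENSSL x509 -noout -checkend "$window" -in "$pem" >/dev/null 2>&1; then
            echo "OK          $pem  ${end#notAfter=}  $subject"
        else
            echo "EXPIRING    $pem  ${end#notAfter=}  $subject"
            status=1
        fi
    done
    return "$status"
}
```

Run it as `check_idp_chain "$SPLUNK_HOME/etc/auth/idpCerts/idpCertChain_1" 30` to flag any certificate in the chain that is already expired or expires within 30 days.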