Re: Where is SAML_script_azure.py?

thormanrd · ‎02-23-2021

This doc, https://docs.splunk.com/Documentation/Splunk/8.1.0/Security/ConfigureauthextensionsforSAMLtokens, says that SAML_script_azure.py ships with Splunk Enterprise. It is nowhere to be found on the 8.1 installations I have. Anybody know where I can find it?

I tried azureScripted.py in $SPLUNK_HOME/share/splunk/authScriptSamples but it is not the same.

thormanrd · ‎02-24-2021

The requirement for using authentication extension via SAML to Azure SSO include:

App Registration (SSO via SAML)
App/client secret token
Application API permissions

For testing the SAML_script_azure.py use the following format:

/opt/splunk/bin/splunk cmd python3 /opt/splunk/etc/auth/scripts/SAML_script_azure.py getUserInfo < input.txt

Where the contents of the input.txt file is:

--username=<user name>

--password=**************

--scriptSecureArguments=clientId:<app id>;tenantId:<tenant id>;clientSecret<secret>

--userInfo=true

I can at least get a response from azure:

"error": {
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the operation.",
"innerError": {
"date": "2021-02-24T19:22:51",
"request-id": "********",
"client-request-id": "********"
}
}
}

thormanrd · ‎02-23-2021

splunk-8.1.2-545206cc9f70-linux-2.6-x86_64.rpm has the scripts. Contrary to the 8.1.0 docs that say they are included, I did not find them until I updated to 8.1.2

Where is SAML_script_azure.py?

authentication

SAML

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Join the Conversation