This doc, https://docs.splunk.com/Documentation/Splunk/8.1.0/Security/ConfigureauthextensionsforSAMLtokens, says that SAML_script_azure.py ships with Splunk Enterprise. It is nowhere to be found on the 8.1 installations I have. Anybody know where I can find it?
I tried azureScripted.py in $SPLUNK_HOME/share/splunk/authScriptSamples but it is not the same.
The requirement for using authentication extension via SAML to Azure SSO include:
For testing the SAML_script_azure.py use the following format:
/opt/splunk/bin/splunk cmd python3 /opt/splunk/etc/auth/scripts/SAML_script_azure.py getUserInfo < input.txt
Where the contents of the input.txt file is:
--username=<user name>
--password=**************
--scriptSecureArguments=clientId:<app id>;tenantId:<tenant id>;clientSecret<secret>
--userInfo=true
I can at least get a response from azure:
"error": {
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the operation.",
"innerError": {
"date": "2021-02-24T19:22:51",
"request-id": "********",
"client-request-id": "********"
}
}
}
splunk-8.1.2-545206cc9f70-linux-2.6-x86_64.rpm has the scripts. Contrary to the 8.1.0 docs that say they are included, I did not find them until I updated to 8.1.2