Splunk Enterprise

AWS Cognito Configuration using SAML

rkeq0515
Path Finder

I am trying to use AWS Cognito to authenticate to a Splunk dashboard using SAML.  There is a lot of information on configuring Cognito with other vendors,  but not a lot of information on how to do this with Splunk.  I have been trying to piece together settings from various documents I found during my research, but I don't know a lot about SAML.

I downloaded the Splunk Metadata file and uploaded it in Cognito, but I get an error stating  "We were unable to create identity provider: No IDPSSODescriptor found in metadata for protocol urn:oasis:names:tc:SAML:2.0:protocol and entity id splunkEntityId ."  I didn't see any IDPSSODescriptor in the uploaded file, which leads me to believe this may be incompatible.

My Splunk SAML setting is as follows:

[saml]
entityId = urn:amazon:cognito:sp:<my cognito pool id>
fqdn = testdashboardlb-79456348.us-east-1.elb.amazonaws.com  <-- This is my load balancer
idpSLOUrl = https://testdashboard.auth.us-east-1.amazoncognito.com/saml2/logout
idpSSOUrl = https://testdashboard.auth.us-east-1.amazoncognito.com/saml2/idpresponse
inboundDigestMethod = SHA1;SHA256;SHA384;SHA512
inboundSignatureAlgorithm = RSA-SHA1;RSA-SHA256;RSA-SHA384;RSA-SHA512
issuerId = urn:amazon:cognito:sp:my cognito pool id>
lockRoleToFullDN = true
redirectAfterLogoutToUrl = testdash.xxxxxxxxx.com
redirectPort = 443
replicateCertificates = false
signAuthnRequest = false
signatureAlgorithm = RSA-SHA1
signedAssertion = true
sloBinding = HTTP-POST
ssoBinding = HTTP-POST

[authentication]
authSettings = saml
authType = SAML

 

I can authenticate and enter my MFA token.  After that, I receive an error "Required String parameter 'SAMLResponse' is not present."

Any help is appreciated.

Labels (2)
0 Karma
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...