Splunk SSO: server side certificate rotation proce...

jpillai · ‎03-30-2024

Hi all,

Im trying to understand how rotation certificates used for SSO works in a search head cluster. We have a searchhead cluster where we have SSO working already. As for initial setup, I understand we can download SPmetadata.xml file from splunk SAML settings page. However, during rotation, how do we create this as we are using a cert thats already existing and we want to rotate the server side certificate?

If we just download SPmetadata.xml for creating request for IDP, this will have same cert as we are using. If we rotate the cert first at our side so we can download SPmetadata.xml to create request for IDP, then this will end up in error as IDP wont detect server side certificate during this, obviously.

PaulPanther · ‎04-03-2024

Hi @jpillai

you have only the option to switch the certificate at the same time on both ends (Splunk & IDP provider).

Just for a certificate replacement you don't need the SPmetadata.xml if the other parameter won't be change.

Create the certificate, hand over the certificate chain to the IDP colleagues, agree a time window for the renewal and then do it.

Splunk SSO: server side certificate rotation process

administration

configuration

Introducing the Splunk Community Dashboard Challenge!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...