Splunk SOAR (f.k.a. Phantom)

Splunk Phantom SAML SAML2 authentication error Signature missing for response

eugeneAq
Engager

We were configuring our phantom instance for saml sso login and we are encountering the following error.

SAML2 authentication error

Signature missing for response

We have already configured every field here.
Are we missing anything? Would we need to configure the idp chains or certficates.

0 Karma

ramanpuri2510
Loves-to-Learn Lots

Hi I am doing OKTA SAML integration with Phantom and getting the below error.

SAML2 Authentication Error'NoneType' object has no attribute 'require_signature

Can i know if any option to make the AuthnRequestsSigned="true to false? or any other suggestions.. I have tried disabling the signing on both okta and phantom

0 Karma

sam_splunk
Splunk Employee
Splunk Employee

It sounds like your IdP is not signing the assertion.  You'll want to want to ensure that is occuring. You can install a browser plugin like SAML-TRACER  to view the assertions as they make their way to Phantom to ensure the signature is present. 

While it may not be your IDP - https://github.com/phantomcyber/phantom-community-projects/blob/master/Questions/SSO/SAML/PingFedera... has some details of setting up SSO with SAML (that doc is PingFederate specifically).

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...