Hello.
I'm trying to configure the SAML authentication in a search head cluster (x3 peers). The configuration seems to be good since I can access with
SAML users, and I don't have any error in splunkd.log about SAML.
Now I'm with the tests, and for some reason, Splunk is ignoring the mapped roles. I mean; I have one SAML user (user1) and I give it the user role. I created a test app that only the admin role can read and write. When I login with user1, I can see the test app, access it and see all the content inside it. I try similar test with some other users, and every time, it's happening the same.
I checked in Splunk Answers for similar cases and found this:
https://answers.splunk.com/answers/227274/is-it-possible-to-use-saml-2-for-splunk-to-achieve.html
https://answers.splunk.com/answers/551201/shc-with-saml-authentication-role-update-on-existi.html
But none of those suggestions work for me. I tried:
defaultRoleIfMissing and blacklistedAutoMappedRoles with the same result.
The users exist in SAML and in Splunk (we have pending a migration), and I checked the roles in the local version and all of them have the user role.
Have I missed something? Any suggestions, please?
Regards.
... View more