About msteffl

msteffl · ‎10-15-2024

I checked your post. the IDP certificate is a self signed certificate. So it is not chained. So no root or intermediate certificate available

msteffl · ‎10-14-2024

Hi sainag, thanks for response. No we are not using scripted authentication. The pasted authentication.conf above it the complete config. I am also not able to see the log Unknown role 'ldap_user" What I figured out: I changed the default reply URL to https://<instance>.westeurope.cloudapp.azure.com/saml/acs instead of https://<instance>.westeurope.cloudapp.azure.com/en-GB/account/login And now this error is gone: (that is maybe responsible for the evalutaion of the attributes)? BUT now I get different Error: 10-14-2024 15:31:01.405 +0000 ERROR XmlParser [4858 webui] - func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=342:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/CN=SSO-Certificate; issuer=/C N=SSO-Certificate; err=20; msg=unable to get local issuer certificate 10-14-2024 15:31:01.405 +0000 ERROR XmlParser [4858 webui] - func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=381:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/CN=SSO-Certificate; issuer=/CN=SSO-Certif icate; err=20; msg=unable to get local issuer certificate 10-14-2024 15:31:01.405 +0000 ERROR XmlParser [4858 webui] - func=xmlSecOpenSSLKeyDataX509VerifyAndExtractKey:file=x509.c:line=1505:obj=x509:subj=unknown:error=72:certificate is not found:details=NULL 10-14-2024 15:31:01.405 +0000 ERROR XmlParser [4858 webui] - func=xmlSecOpenSSLKeyDataX509XmlRead:file=x509.c:line=654:obj=x509:subj=xmlSecOpenSSLKeyDataX509VerifyAndExtractKey:error=1:xmlsec library function failed: 10-14-2024 15:31:01.405 +0000 ERROR XmlParser [4858 webui] - func=xmlSecKeyInfoNodeRead:file=keyinfo.c:line=114:obj=x509:subj=xmlSecKeyDataXmlRead:error=1:xmlsec library function failed:node=X509Data 10-14-2024 15:31:01.405 +0000 ERROR XmlParser [4858 webui] - func=xmlSecKeysMngrGetKey:file=keys.c:line=1227:obj=unknown:subj=xmlSecKeyInfoNodeRead:error=1:xmlsec library function failed:node=KeyInfo 10-14-2024 15:31:01.405 +0000 ERROR XmlParser [4858 webui] - func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=790:obj=unknown:subj=unknown:error=45:key is not found:details=NULL 10-14-2024 15:31:01.405 +0000 ERROR XmlParser [4858 webui] - func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=503:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: 10-14-2024 15:31:01.405 +0000 ERROR XmlParser [4858 webui] - func=xmlSecDSigCtxVerify:file=xmldsig.c:line=341:obj=unknown:subj=xmlSecDSigCtxSignatureProcessNode:error=1:xmlsec library function failed: 10-14-2024 15:31:01.405 +0000 ERROR Saml [4858 webui] - Error: failed to verify signature with cert :/opt/splunk/etc/auth/idpCerts/idpCert.pem; 10-14-2024 15:31:01.405 +0000 ERROR Saml [4858 webui] - Unable to verify Saml document 10-14-2024 15:31:01.405 +0000 ERROR UiSAML [4858 webui] - Verification of SAML assertion using the IDP's certificate provided failed. Error: failed to verify signature with cert are these errors somehow related? Any ides how to fix that ? How can I turn on debug for SAML ?

msteffl · ‎10-14-2024

We setup a SAML login with Azure AD for our self hosted Splunk Enterprise. When we try to login we are redirected to https://<instance>.westeurope.cloudapp.azure.com/en-GB/account/login which displays a blank page with {"status":1} So login seems somehow to work but after that it gets stuck in this page and in the splunkd.logs I can see the following Error message: "ERROR UiAuth [28137 TcpChannelThread] - user= action=login status=failure reason=missing-username" so it sounds that there is maybe something wrong in the claims mapping ? here is my local/authentication.conf [roleMap_SAML] admin = test [splunk_auth] constantLoginTime = 0.000 enablePasswordHistory = 0 expireAlertDays = 15 expirePasswordDays = 90 expireUserAccounts = 0 forceWeakPasswordChange = 0 lockoutAttempts = 5 lockoutMins = 30 lockoutThresholdMins = 5 lockoutUsers = 1 minPasswordDigit = 0 minPasswordLength = 8 minPasswordLowercase = 0 minPasswordSpecial = 0 minPasswordUppercase = 0 passwordHistoryCount = 24 verboseLoginFailMsg = 1 [authentication] authSettings = saml authType = SAML [authenticationResponseAttrMap_SAML] mail = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress realName = http://schemas.microsoft.com/identity/claims/displayname role = http://schemas.microsoft.com/ws/2008/06/identity/claims/groups [saml] caCertFile = /opt/splunk/etc/auth/cacert.pem clientCert = /opt/splunk/etc/auth/server.pem entityId = <instance>.westeurope.cloudapp.azure.com fqdn = https://<instance>.westeurope.cloudapp.azure.com idpCertExpirationCheckInterval = 86400s idpCertExpirationWarningDays = 90 idpCertPath = idpCert.pem idpSLOUrl = https://login.microsoftonline.com/<tentantid>/saml2 idpSSOUrl = https://login.microsoftonline.com/<tentantid>/saml2 inboundDigestMethod = SHA1;SHA256;SHA384;SHA512 inboundSignatureAlgorithm = RSA-SHA1;RSA-SHA256;RSA-SHA384;RSA-SHA512 issuerId = https://sts.windows.net/<tentantid>/ lockRoleToFullDN = true nameIdFormat = urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress redirectPort = 0 replicateCertificates = true signAuthnRequest = false signatureAlgorithm = RSA-SHA1 signedAssertion = true sloBinding = HTTP-POST sslPassword = <pw> ssoBinding = HTTP-POST does anyone has a hint what could go wrong in our setup? Thanks in advance!

Posts	3
Solutions	0
Karma Given	0
Karma Received	0
Member Since	‎10-14-2024

Online Status	Offline
Date Last Visited	‎10-15-2024 02:49 AM

SAML login with Azure AD failes cause of missing-u...

Re: SAML login with Azure AD failes cause of missi...

Re: SAML login with Azure AD failes cause of missi...

SAML login with Azure AD failes cause of missing-u...