In our case we were configuring Splunk for SAML authentication with Ping as the identity provider (IDP) with Splunk Enterprise version 8.2.7.1. After extensive troubleshooting we discovered that we needed a few check boxes in the Ping certificate configuration. INCLUDE THE CERTIFICATE IN THE SIGNATURE <KEYINFO> ELEMENT INCLUDE THE RAW KEY IN THE SIGNATURE <KEYVALUE> ELEMENT We discovered this after comparing the SAMLResponse between a working and non-working environment and noticing that the KeyInfo data was missing in the <ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>[CERTIFICATE TEXT REDACTED]
</ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>[MODULUS TEXT REDACTED]
</ds:Modulus>
<ds:Exponent>AQAB
</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
... View more