Hi,
I've been trying to make my Splunkweb able to log in with SAML coming from Windows Azure AD, but even after wasting a few days searching and digging through a lot of sites, communities and badly written docs, I just can't make it work.
This is what I have until now.
My Cloud Scenario in AWS is shown in the picture above (CLOUD)
I'm Using an AWS ELB with two listeners:
Port 80 to Splunk's 80
Port 443 (with certs) to Splunk's 80
My splunk web is running on port 80.
AZURE SIDE
In WAAD > Add an app from the gallery, choose Splunk and name it Splunk.
Once the app was added, I click on "Configure single sign-on".
On the Wizard
2.1. Click on "Microsoft Azure AD Single Sign-On".
SEE WIZARD1 in the picture on top
2.2. Now starts the guessing game. Why, in the doc [Configure SSO with AzureAD or AD FS as your Identity Provider][3], didn't the writer just give examples of filling in these fields? A doc about integration with AD says nothing about the information required on the AD side for an app provided by Splunk itself.
SEE WIZARD2 in the picture on top
In the field "SIGN ON URL" there's an example to use, unbelievable win, but how about "IDENTIFIER" and "REPLY URL"?
The Azure Wizard Help tells me this about them:
IDENTIFIER
The Identifier should uniquely identify the application for which single sign on is being setup. Typically this is also a value that azure will send back to application as 'audience' of authentication token and the application is expected to validate it. This is also referred to as the "Entity Id" in SAML.
REPLY URL
The reply URL is where the application expects to receive the authentication token. This is also referred to as the "Assertion Consumer Service" (ACS) URL in SAML.
"Entity Id" and "ACS" in SAML
The guessing game led me to get data in a path https://mysplunkweb/saml/spmetadata. It tells me this about the fields I mentioned above.
entityID="splunkEntityId" - what does it mean?
Location="http://sso1:80/saml/acs" - May I assume "http://mysplunkweb:80/saml/acs"?
Continuing the Guessing game, I filled like this.
SIGN ON URL: https://mysplunkweb/en-US/app/launcher/home
IDENTIFIER: urn:oasis:names:tc:SAML:2.0:metadata
REPLY URL: https://mysplunkweb:80/saml/acs
2.3. In the 3rd step I download the FederationMetadata.xml to upload on my Splunkweb.
* Honorable mention to the link "View Splunk configuration instructions" that days ago led to another app, today leads to nowhere, and tomorrow who knows.
SEE WIZARD3 in the picture on top
2.4. Once uploaded on Splunkweb I click "next", then Finish.
SPLUNKWEB SIDE
On Splunkweb
Now the documentation is useful.
Settings > Access Controls > Authentication method > Mark "SAML" and click on "Configure Splunk to use SAML"
Click on "SAML Configuration". Opening a form where the first thing is upload the FederationMetadata.xml mentioned in a previous step.
This action fills the fields "Single Sign On (SSO) URL", "Single Log Out (SLO) URL" and "IdP certificate path", but not "Entity ID", whose "?" icon says on mouse hover "This is your Splunk Installation". What does it mean?
The documentation says "This field is the entity ID as configured in the SP connection entry in your IdP." If this is in the FederationMetadata, why doesn't it fill in like the rest? nvm..
Fill Entity ID with https://sts.windows.net/MyDirectoryID/ found in the federation metadata.
Fill the rest of the fields as documented.
Advanced Settings
Attribute Alias Role: http://schemas.microsoft.com/ws/2008/06/identity/claims/role
Attribute Alias Real Name: http://schemas.microsoft.com/identity/claims/displayname
Attribute Alias Mail: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
Fully qualified domain name or IP of the load balancer: Empty
Redirect port - load balancer port: Empty
Redirect to URL after logout: Empty
Conclusion
I assigned the app to my user in AD, but when I try to access the app in my directory it shows me this error:
Correlation ID: 2702cb32-ee6a-4f57-a250-e4da5ea4cc32
Timestamp: 2016-06-23 18:01:11Z
AADSTS70001: Application with identifier 'https://sts.windows.net/xxxx/' was not found in the directory xxxx
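Added example, not the poster's code or anything shipped by Splunk or Microsoft: a Python script that parses a constructed Splunk-style SP metadata document (shaped like the /saml/spmetadata values quoted in the post) and a constructed Azure-style FederationMetadata.xml, lists which value belongs on which side according to the Azure help text quoted above (the SP entityID is the "IDENTIFIER", i.e. the audience Azure sends back; the AssertionConsumerService Location is the "REPLY URL"), and checks the pairing: the entity ID Splunk presents as Issuer has to be the one Azure has registered for the app, which is exactly the lookup the AADSTS70001 message in the post describes failing, and it must not be the IdP's own entityID. The hostnames, MyDirectoryID, login.microsoftonline.com endpoints and certificate body are placeholders; real metadata downloaded from an IdP should be parsed with defusedxml rather than the standard library parser used here for self-containment.

```python
"""Pull the SAML values each side needs out of SP and IdP metadata and
check that the entity IDs are paired the right way round.
Added example; the XML below is constructed, not captured from a live system."""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed SP metadata, shaped like the fields quoted from /saml/spmetadata.
SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="splunkEntityId">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sso1:80/saml/acs" index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

# Constructed IdP metadata, shaped like an Azure AD FederationMetadata.xml;
# MyDirectoryID, the endpoints and the certificate body are placeholders.
IDP_METADATA = """<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/MyDirectoryID/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>MIIC...PLACEHOLDER...</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/MyDirectoryID/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/MyDirectoryID/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def _binding_name(urn):
    # "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" -> "HTTP-POST"
    return urn.rsplit(":", 1)[-1]


def parse_sp_metadata(xml_text):
    """Return the SP entityID and its AssertionConsumerService endpoints."""
    root = ET.fromstring(xml_text)
    acs = [{"binding": _binding_name(e.get("Binding")), "location": e.get("Location")}
           for e in root.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)]
    return {"entity_id": root.get("entityID"), "acs": acs}


def parse_idp_metadata(xml_text):
    """Return the IdP entityID, SSO/SLO endpoints by binding, and signing certs."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    sso = {_binding_name(e.get("Binding")): e.get("Location")
           for e in idp.findall("md:SingleSignOnService", NS)}
    slo = {_binding_name(e.get("Binding")): e.get("Location")
           for e in idp.findall("md:SingleLogoutService", NS)}
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":  # no 'use' attribute means both uses
            certs += [c.text.strip() for c in kd.findall(".//ds:X509Certificate", NS)]
    return {"entity_id": root.get("entityID"), "sso": sso, "slo": slo,
            "signing_certs": certs}


def check_pairing(splunk_entity_id, azure_identifier, idp_entity_id):
    """The ID Splunk sends as Issuer must equal the IDENTIFIER registered in
    Azure for the app, and must not be the IdP's own entityID."""
    findings = []
    if splunk_entity_id != azure_identifier:
        findings.append("Splunk 'Entity ID' differs from Azure 'IDENTIFIER'")
    if splunk_entity_id == idp_entity_id:
        findings.append("Splunk 'Entity ID' is the IdP's own entityID, not the app's")
    return findings


def acs_host_findings(sp, public_host):
    """Flag ACS locations whose host is not the public name browsers reach
    (the metadata may advertise an internal name behind a load balancer)."""
    return [a["location"] for a in sp["acs"]
            if urlparse(a["location"]).hostname != public_host]


if __name__ == "__main__":
    sp, idp = parse_sp_metadata(SP_METADATA), parse_idp_metadata(IDP_METADATA)
    print("SP entityID  -> Azure IDENTIFIER:", sp["entity_id"])
    print("SP ACS       -> Azure REPLY URL :", [a["location"] for a in sp["acs"]])
    print("IdP SSO URL  -> Splunk SSO URL  :", idp["sso"].get("HTTP-Redirect"))
    # Values as entered in the post: IdP entityID in Splunk, a URN as Azure IDENTIFIER.
    print(check_pairing("https://sts.windows.net/MyDirectoryID/",
                        "urn:oasis:names:tc:SAML:2.0:metadata", idp["entity_id"]))
    print(acs_host_findings(sp, "mysplunkweb"))
```

With the values from the post, check_pairing reports both findings, and acs_host_findings shows that the ACS location in the metadata names sso1 rather than the public hostname the ELB presents; replacing the constructed XML strings with the real /saml/spmetadata and FederationMetadata.xml turns this into a quick pre-flight check before touching either wizard.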