We do not have SSL cert for our splunk instance. However, I have SSL cert of the federation URL copied under each search head server under this path $SPLUNK_HOME/etc/auth/idpCerts/
Below is the saml configuration from authentication.conf
[saml]
allowSslCompression = true
attributeQueryRequestSigned = false
attributeQueryResponseSigned = false
attributeQueryTTL = 3600
entityId = WebPortalSplunk
fqdn = http://webportalsplunk
idpSSOUrl = https://federationuat.client.bcorp.com/idp/startSSO.ping?PartnerSpId=WebPortalSplunk
maxAttributeQueryQueueSize = 100
maxAttributeQueryThreads = 2
redirectPort = 8000
signAuthnRequest = false
signedAssertion = false
sslVerifyServerCert = false
sslVersions = SSL3,TLS1.0,TLS1.1,TLS1.2
Thanks
... View more