Splunk Search Head Integration with SAML

keishamtcs · ‎05-28-2020

Hi All,

I have 4 SH cluster members for which i have to integrate SAML. Our AD team is asking the below information reply URL.

Do i need to give all the 4 url ?
Also do i need to configure the SAML on all 4 SH UI ? please do share your thoughts.

SAML-based Sign-on Attributes Value -

Reply URL (Assertion Consumer Service URL)

https://searchhead1.group.com/saml/acs
https://searchhead2.group.com/saml/acs
https://searchhead3.group.com/saml/acs
https://searchhead4.group.com/saml/acs

richgalloway · ‎05-28-2020

I don't have an answer for the Reply URL, but yes, you need to configure SAML on all SHs. Don't use the UI, however, push an app from your deployer.

---
If this reply helps you, Karma would be appreciated.

keishamtcs · ‎05-29-2020

Thanks..can you please give some pointer on how to use as an app for the SAML config?

richgalloway · ‎05-29-2020

Perhaps the easiest way is first to configure SAML on your deployer. Then copy the $SPLUNK_HOME/etc/system/local/authentication.conf file to $SPLUNK_HOME/etc/shcluster/apps/org_SAML_auth/default. Use the splunk apply shcluster-bundle command to send the app to SHC members. After that is done you can turn off SAML on the deployer, if you wish.

---
If this reply helps you, Karma would be appreciated.

Splunk Search Head Integration with SAML

search head

search head clustering

Preparing your Splunk Environment for OpenSSL3

Unleash Unified Security and Observability with Splunk Cloud Platform

Splunk AppDynamics with Cisco Secure Application