How to change the username when migrating to saml ...

klim · ‎01-25-2024

I am switching from local auth to saml authentication and when logging in, the username is now a random string. How do I get it to be the "nickname" or friendly name that is provided in the saml response? Is there a way to override the field in the saml stanza in the authentication.conf file?

Changing the realName field in the authenticationResponseAttrMap_SAML stanza in the authentication.conf doesn't actually change the username.

If it is not possible, how would I transfer knowledge objects to the "new" users.

tscroggins · ‎01-27-2024

Hi @klim,

I don't have an active IdP to validate, but as I recall, you would specify your preferred mapping as the Name ID format/attribute in the SAML IdP and not in the SAML SP (Splunk).

Home directories can be managed at the file system level in $SPLUNK_HOME/etc/users by renaming directories.

Ownership of most knowledge objects can be changed from Settings > All Configurations > Reassign Knowledge Objects.

For the few objects that can't be reassigned via the user interface, you'll need to update all instances of $SPLUNK_HOME/etc/apps/*/metadata/*.meta as needed.

How to change the username when migrating to saml authentication

authentication

SAML

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Are you a member of the Splunk Community?