Security

No valid splunk role found in local mapping? (AD FS, SAML, SSO)

michaelba
Explorer

Splunk,

After completing Active Directory Federation Services (ADFS), our role mappings are not recognized. What are we overlooking?

alt text

Here’s the authentication.conf, the role mapping is declared at the bottom:
alt text

In AD FS, the relying part transformation rules are:

The NameId claim transformation:

c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient");

The Role and realName claim:

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> issue(store = "Active Directory", types = ("http://schemas.microsoft.com/ws/2008/06/identity/claims/role", "realName"), query = ";tokenGroups,displayName;{0}", param = c.Value);
0 Karma
1 Solution

michaelba
Explorer

We found the issue:

  1. In Active Directory, the group splunkadmin needs to be a Global group type.
  2. Logoff the machine and log back so the user's profile could be refreshed with the new group enrollment.

View solution in original post

michaelba
Explorer

We found the issue:

  1. In Active Directory, the group splunkadmin needs to be a Global group type.
  2. Logoff the machine and log back so the user's profile could be refreshed with the new group enrollment.

richgalloway
SplunkTrust
SplunkTrust

If your problem is resolved, please accept the answer.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...