Is Splunk planning on supporting Google Apps as an IPD for SAML V2?

gordogre
Engager

Google Apps somewhat recently extended their SAML support to allow for custom SAML integrations.

I attempted to configure Splunk Enterprise 6.3.1 to act as a SAMLv2 Service Provider using Splunk Web, but ran into some problems that appear to be Splunk bugs, and then determined that I most likely could not complete the configuration due to limitations within Splunk.

I initially attempted to import an IDP metadata file from Google, which failed with the message:

"Unable to parse the payload received as a part if idp metadata file or xml."

I then tried to import the same XML by pasting the XML into the text box - same result. (Note: I did validate the XML elsewhere and it passed.)

Then I tried entering the required values into the web form, but noticed that the web form appeared to be requiring the Attribute Query URL, even though it is indicated as optional, and as far as I know there is no relevant Attribute Query URL for Google Apps as an IDP.

Beyond this, on the Google side, Google requires that you provide an SP ACS URL and an SP Entity Id. I could not determine how I could derive these values from my Splunk instance.

I've also seen a few mentions in the Splunk documentation that indicate that full support for SAML is really only intended for Okta and PingIdentity.

My question is therefore whether there are any plans to support additional IDPs, and specifically Google Apps.

Thanks.

suarezry
Builder

There is a workaround to configure Splunk SAML without Attribute queries:
https://answers.splunk.com/answers/403964/native-saml-authentication-with-shibboleth-idp.html

I found it was easier to work with $SPLUNK_HOME/etc/system/local/authentication.conf directly than using their web form.


freaklin
Path Finder

There are a lot of questions about SAML and SSO right here... couldn't any Splunk staff write a really useful documentation about this? They're making us waste a lot of time due to the missing information.

abrice
Explorer

The assertion consumer service URL is: /saml/acs
The SP ID I think can be anything you want so long as it matches what's configured on the IDP.

The metadata can be retrieved by doing the following:

First login with a splunk local admin account by hitting the following URL: /account/login?loginType=Splunk
Once authenticated you can hit the metadata URL: /saml/spmetadata

Splunk should really update their documentation on setting up SAML with their product. The ACS URL is essential in setting up a SAML partnership.
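The two metadata documents this thread revolves around can be checked locally before anything is typed into either admin console. The script below is an added example, not Splunk's or Google's own code. It pulls the SP entity ID and ACS URL (what Google's admin console asks for) out of the SP metadata Splunk serves at /saml/spmetadata, pulls the IdP entity ID, SSO URL and signing certificate (what Splunk's SAML form asks for) out of Google's IdP metadata, reports whether the IdP metadata advertises an AttributeService at all (the "Attribute Query URL" the form wanted), and compares the values entered on the IdP side with what the SP actually advertises. Both metadata samples are constructed for the example; the hostnames, entity IDs, idpid value and certificate body are placeholders, and the script assumes you saved the SP metadata to a file after the local-admin login described above.

```python
"""Extract and cross-check the values exchanged between a SAML SP (Splunk)
and an IdP (Google Apps). Added example; the metadata below is constructed."""
import sys
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed SP metadata in the shape Splunk's /saml/spmetadata returns.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="splunk-sp-example">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://splunk.example.com:8000/saml/acs" index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed IdP metadata in the shape a Google custom SAML app exports.
# Note: no AttributeAuthorityDescriptor, so there is no attribute query URL.
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://accounts.google.com/o/saml2?idpid=EXAMPLE">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIBCONSTRUCTEDSAMPLE
      CERTIFICATENOTREAL</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://accounts.google.com/o/saml2/idp?idpid=EXAMPLE"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://accounts.google.com/o/saml2/idp?idpid=EXAMPLE"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def parse_sp_metadata(xml_text):
    """Values the IdP admin console asks for: SP entity ID and ACS URL."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not SP metadata")
    # Browser-posted assertions arrive over HTTP-POST; that is the ACS to give the IdP.
    post = [e for e in sp.findall("md:AssertionConsumerService", NS)
            if e.get("Binding") == HTTP_POST]
    if not post:
        raise ValueError("SP metadata has no HTTP-POST AssertionConsumerService")
    return {"entity_id": root.get("entityID"),
            "acs_url": post[0].get("Location"),
            "wants_signed_assertions": sp.get("WantAssertionsSigned") == "true"}


def parse_idp_metadata(xml_text):
    """Values the SP form asks for: IdP entity ID, SSO URL, signing cert,
    plus the attribute query URL if the IdP advertises one (Google does not)."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    sso = {e.get("Binding"): e.get("Location")
           for e in idp.findall("md:SingleSignOnService", NS)}
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):  # absent 'use' means both signing and encryption
            c = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
            if c is not None and c.text:
                certs.append("".join(c.text.split()))  # strip the line breaks metadata exporters add
    if not certs:
        raise ValueError("IdP metadata carries no signing certificate")
    attr = root.find("md:AttributeAuthorityDescriptor/md:AttributeService", NS)
    return {"entity_id": root.get("entityID"),
            "sso_url": sso.get(HTTP_REDIRECT) or sso.get(HTTP_POST),
            "signing_cert_pem": to_pem(certs[0]),
            "attribute_query_url": attr.get("Location") if attr is not None else None}


def to_pem(b64):
    """Wrap a bare base64 certificate body as PEM for a file-based cert setting."""
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN CERTIFICATE-----\n" + body + "\n-----END CERTIFICATE-----\n"


def check_pairing(sp, configured_entity_id, configured_acs_url):
    """Compare what was typed into the IdP against what the SP advertises.
    Returns a list of mismatches; an empty list means the pair is consistent."""
    problems = []
    if configured_entity_id != sp["entity_id"]:
        problems.append("entity ID: IdP has %r, SP advertises %r"
                        % (configured_entity_id, sp["entity_id"]))
    if configured_acs_url != sp["acs_url"]:
        problems.append("ACS URL: IdP has %r, SP advertises %r"
                        % (configured_acs_url, sp["acs_url"]))
    return problems


if __name__ == "__main__":
    # Usage: python saml_meta.py [sp_metadata.xml idp_metadata.xml]; defaults to the samples.
    sp_xml = open(sys.argv[1]).read() if len(sys.argv) > 2 else SP_METADATA
    idp_xml = open(sys.argv[2]).read() if len(sys.argv) > 2 else IDP_METADATA
    sp, idp = parse_sp_metadata(sp_xml), parse_idp_metadata(idp_xml)
    print("Give the IdP:   entityID=%s  ACS=%s" % (sp["entity_id"], sp["acs_url"]))
    print("Give the SP:    entityID=%s  SSO=%s" % (idp["entity_id"], idp["sso_url"]))
    print("Attribute query URL:", idp["attribute_query_url"] or "(none advertised; leave blank)")
    for p in check_pairing(sp, sp["entity_id"], sp["acs_url"]):
        print("MISMATCH:", p)
```

Run it against the saved SP metadata and the IdP metadata Google exported; a mismatch on scheme, port or trailing path in the ACS URL is the usual reason an otherwise valid assertion is rejected, and the script reports exactly that difference rather than a generic parse error.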
