Problem:
After setting up SAML configuration, when logging into the UI you are presented with the following error also logged in splunkd.log:
05-25-2017 15:19:13.453 +0000 ERROR UiSAML - Verification of SAML assertion using the IDP's certificate provided failed. Error: Failed to verify signature with cert :/opt/splunk/etc/auth/idpCerts/idpCert.pem;
Environment:
IdP: Ping Identity
Splunk 6.6.0
Linux x86_64
This was happening because the certificate that got sent across in the assertion is just a leaf certificate. You will need to upload the root, intermediate and leaf certificate from the IdP to Splunk for us to verify its validity.
This can be done from the UI: Access controls > Authentication method > SAML settings > Configure SAML > IdP certificate chains
-----BEGIN CERTIFICATE-----
... (the root certificate for the CA)...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
... (the intermediate certificate)...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
... (the leaf certificate)...
-----END CERTIFICATE-----
Once you do that, Splunk will create a new directory, idpCertChain_1, and put the root cert in it as cert_1.pem, the intermediate cert as cert_2.pem, and the leaf cert as cert_3.pem:
splunk@sh1:~/etc/auth/idpCerts/idpCertChain_1$ pwd
/opt/splunk/etc/auth/idpCerts/idpCertChain_1
splunk@sh1:~/etc/auth/idpCerts/idpCertChain_1$ ls
cert_1.pem cert_2.pem cert_3.pem
Then you will just have to remove the idpCert.pem in etc/auth/idpCerts and it will be a valid chain.
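As an added example (not part of the original answer and not Splunk code), the script below takes a pasted chain in the order described above, checks that it really is root, then intermediate, then leaf by comparing each certificate's issuer to the previous one's subject, and writes the cert_1.pem .. cert_N.pem files in the same layout Splunk creates, so you can inspect them before anything lands in $SPLUNK_HOME/etc/auth/idpCerts. It uses only the Python standard library; the DER reader is a minimal hand-written one that assumes the standard X.509 field order, and the fixture "certificates" it builds for itself are constructed skeletons with no key and no signature. That a file which is not PEM at all (binary DER, or bytes before the BEGIN line) is one way to end up with the "unrecognized file type" loader error is an assumption, not something the page states.

```python
"""Lint an IdP certificate chain and lay it out the way Splunk's idpCertChain_N
directory expects it. Added example, not Splunk's own code; minimal DER reader."""
import base64
import re
from pathlib import Path

PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def split_pem_chain(text: str) -> list[bytes]:
    """DER bytes of every CERTIFICATE block, in pasted order. Bytes outside the
    blocks (a BOM, a stray header) are dropped; a binary DER dump yields nothing."""
    certs = []
    for body in PEM_BLOCK.findall(text):
        try:
            certs.append(base64.b64decode(re.sub(r"\s+", "", body), validate=True))
        except ValueError as exc:          # binascii.Error is a ValueError
            raise ValueError(f"block {len(certs) + 1}: body is not valid base64") from exc
    return certs

def _tlv(buf: bytes, pos: int) -> tuple[int, int, int]:
    """Read one DER tag-length-value at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: the next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_subject(der: bytes) -> tuple[bytes, bytes]:
    """DER-encoded issuer and subject Names of an X.509 certificate (v1 or v3)."""
    tag, start, _ = _tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE, so not an X.509 certificate")
    _, pos, _ = _tlv(der, start)           # tbsCertificate
    tag, _, end = _tlv(der, pos)           # [0] version (v3) or serialNumber (v1)
    if tag == 0xA0:
        _, _, end = _tlv(der, end)         # serialNumber follows the version
    fields = {}
    for field in ("sigalg", "issuer", "validity", "subject"):
        field_start = end
        _, _, end = _tlv(der, end)
        fields[field] = der[field_start:end]   # whole TLV, so Names compare byte-for-byte
    return fields["issuer"], fields["subject"]

def check_chain(certs: list[bytes]) -> list[str]:
    """Problems with a root-first chain; an empty list means the order is sound."""
    if not certs:
        return ["no CERTIFICATE blocks found (not PEM, or a binary DER file)"]
    names = [issuer_and_subject(c) for c in certs]
    problems = []
    if names[0][0] != names[0][1]:
        problems.append("cert_1 is not self-signed; the root CA must come first")
    for i in range(1, len(names)):
        if names[i][0] != names[i - 1][1]:
            problems.append(f"cert_{i + 1} was not issued by cert_{i}; the order is broken")
    return problems

def pem_encode(der: bytes) -> str:
    """Canonical PEM: 64-column base64, LF line endings, nothing before BEGIN."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def write_chain_dir(text: str, target: str) -> list[str]:
    """Write cert_1.pem .. cert_N.pem under target, the layout Splunk creates itself."""
    certs = split_pem_chain(text)
    problems = check_chain(certs)
    if problems:
        raise ValueError("; ".join(problems))
    out = Path(target)
    out.mkdir(parents=True, exist_ok=True)
    for i, der in enumerate(certs, 1):
        (out / f"cert_{i}.pem").write_text(pem_encode(der))
    return [f"cert_{i}.pem" for i in range(1, len(certs) + 1)]

# Constructed fixtures: certificate skeletons with the real field order but no key and
# no signature. They exercise the name checks only and are not usable certificates.
def _der(tag: int, payload: bytes) -> bytes:
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload

def fake_cert(issuer_cn: str, subject_cn: str) -> bytes:
    def name(cn):  # Name ::= SEQUENCE { SET { SEQUENCE { id-at-commonName, UTF8String } } }
        return _der(0x30, _der(0x31, _der(0x30, _der(0x06, b"\x55\x04\x03") + _der(0x0C, cn.encode()))))
    tbs = (_der(0xA0, _der(0x02, b"\x02"))                     # version v3
           + _der(0x02, b"\x01")                               # serialNumber
           + _der(0x30, _der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))  # sha256WithRSA
           + name(issuer_cn)
           + _der(0x30, _der(0x17, b"170101000000Z") + _der(0x17, b"270101000000Z"))
           + name(subject_cn)
           + _der(0x30, b""))                                  # subjectPublicKeyInfo placeholder
    return _der(0x30, _der(0x30, tbs) + _der(0x30, b"") + _der(0x03, b"\x00"))
```

Run it against the real chain with `write_chain_dir(open("chain.pem").read(), "idpCertChain_1")` on a scratch directory first: a leaf-only paste (the situation in the question) fails with "cert_1 is not self-signed", a leaf-first paste fails on every link, and the files it writes are plain LF-terminated PEM with nothing before the BEGIN line, which is the form the loader expects.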
Hello, even though I updated the chain certificates I am getting the below error:
“Verification of SAML assertion using the IDP's certificate provided failed. Cannot load certificate - /apps/splunk/etc/auth/idpCerts/.0, unrecognized file type.Error: Failed to verify signature with cert :/apps/splunk/etc/auth/idpCerts/idpCertChain_1;”
Any inputs would be helpful.
I got this error.
"Failed to load trusted certificate Cannot load certificate - unrecognized file type Verify the full path including the filename is correct and points to the certificate from the IDP"
I imported the cert chain a number of times but no luck.
Any help would be appreciated.
Thank you! This fixed my issue with chained certificates and SAML.
Hello, first of all thanks for the tip.
I did the workaround on Splunk 6.6.1 / Linux X86_64 but the problem persists.
Error message:
Failed to load trusted certificate {$SPLUNK_HOME/etc/auth/idpCerts/idpCertChain_1} Error: failed to load pem certificate from file=$SPLUNK_HOME/etc/auth/idpCerts/idpCertChain_1/cert_1.pem Verify the full path including the filename is correct and points to the certificate from the IDP.
Any tip will be very welcome. Thanks in advance.
I got the same error.
"Failed to load trusted certificate Cannot load certificate - unrecognized file type Verify the full path including the filename is correct and points to the certificate from the IDP"
I imported the cert chain a number of times but no luck.
Any update on this?
I got this error too. Were you able to overcome the problem?
01-08-2019 19:30:25.642 +0000 ERROR XmlParser - func=xmlSecOpenSSLAppKeysMngrCertLoad:file=app.c:line=872:obj=unknown:subj=xmlSecOpenSSLAppKeysMngrCertLoadBIO:error=1:xmlsec library function failed:filename=/opt/splunk/etc/auth/idpCerts/idpCertChain_1/cert_1.pem
01-08-2019 19:30:25.642 +0000 ERROR Saml - Unable to load cert at: /opt/splunk/etc/auth/idpCerts/idpCertChain_1
01-08-2019 19:30:25.642 +0000 ERROR UiSAML - Failed to load trusted certificate {/opt/splunk/etc/auth/idpCerts} Error: failed to load pem certificate from file=/opt/splunk/etc/auth/idpCerts/idpCertChain_1/cert_1.pem
Have the same issue. Did you solve it on your side? @smitra_splunk