I encounter this issue with the same error message and suffer for few weeks. There are two way to login with SAML SSO, IDP-Initiated SSO and SP-Initiated SSO. And this error only happen on SP-Initiated SSO.
Here is the symptom I saw:
1. Error message from splunk side:
IDP failed to authenticate request. Status Message="" Status Code="Responder"
And if you try to open SSO page, then will still be auto-redirected to Splunk with same error. The only way to escape this loop is to clear all the browser data then open SSO page, which means you can only login with IDP-Initiated SSO.
2. Error message from ADFS server side:
Event ID 364: Encountered error during federation passive request
I take two action to solve this problem(thanks for splunk support and my IT member):
Enable "signAuthnRequest", which is totally different way with the answer here.
Make sure step 27 and 28 on the doc: https://www.splunk.com/blog/2016/09/14/configuring-microsofts-adfs-splunk-cloud.html is well configured. Especially SigningCertificateRevocationCheck=None.
After doing that, both IDP-Initiated SSO and SP-Initiated SSO are working.
... View more