We are trying to configure SAML integration for our Splunk On-Premise instance with our identity provider. Per the document, when we upload IDP Metadata, Splunk automatically creates "idpCert.pem" in /etc/auth/idpCerts/ directory.
The certificate in the "idpCert.pem" is the signing certificate that we configured at our IdP. To check that the certificate is saved properly, we make a copy of it to some other location outside the Splunk install directory, rename it as "idpCert.crt" and open it. Windows shows the details of the certificate.
The rest of the configuration for SAML is all fine. We are able to authenticate successfully if we disable SAML Signature Verification in authentication.conf. But when we enable signature verification it fails with the message "Verification of SAML assertion failed". It lists "idpCert.pem" in the path.
Alternative solution discovered through self debugging and trial & error:
Modify the "idpCert.pem" to save the CA certificate of the signing certificate. With this, SAML assertion signature verification passes.
Question:
1. If idpCert.pem is to contain the signing certificate that Splunk parses from IdP Metadata XML, then why is signature verification failing?
2. Signature verification fails even when "idpCert.pem" is modified to contain certificate chain. I created this using below command:
cat signingcert.pem signingcertCA.pem > idpCert.pem and copied this file to /etc/auth/idpCerts. But it still fails with the same message.
3. Does Splunk need IdP signing cert or CA cert or both? If both, is our certificate chain creation process wrong? If it needs CA certificate only, then why is Splunk creating idpCert.pem with the signing certificate from the metadata?
Regards,
Umesh
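The checks below are an added example and not part of the original post or of Splunk's own tooling. They build a throwaway, constructed demo PKI (a root CA and a SAML signing certificate issued by it, names "Demo IdP Root CA" and "Demo IdP SAML Signing" are invented) and then run the openssl checks one would run against an idpCert.pem before enabling signature verification: how many PEM blocks the file holds, whose certificate comes first, who issued it, and whether the leaf actually chains to the CA. They assume a POSIX shell with the openssl CLI installed.

```shell
#!/bin/sh
# Added example (not from the original post): inspect a PEM file the way one
# would inspect Splunk's idpCert.pem, using a constructed throwaway PKI.
set -eu

# Build a constructed demo PKI in directory $1: a self-signed root CA and a
# signing certificate issued by it, then a leaf-first chain bundle
# (same "cat signingcert.pem signingcertCA.pem > idpCert.pem" layout as the post).
build_demo_pki() {
  dir="$1"
  mkdir -p "$dir"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Demo IdP Root CA" \
    -keyout "$dir/ca.key" -out "$dir/signingcertCA.pem" >/dev/null 2>&1
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=Demo IdP SAML Signing" \
    -keyout "$dir/signing.key" -out "$dir/signing.csr" >/dev/null 2>&1
  openssl x509 -req -days 1 -in "$dir/signing.csr" \
    -CA "$dir/signingcertCA.pem" -CAkey "$dir/ca.key" -CAcreateserial \
    -out "$dir/signingcert.pem" >/dev/null 2>&1
  cat "$dir/signingcert.pem" "$dir/signingcertCA.pem" > "$dir/idpCert.pem"
}

# Number of PEM certificate blocks in $1: 0 means the file is not a PEM cert
# at all, 1 a bare certificate, 2 or more a chain bundle.
count_certs() {
  grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Subject of the FIRST certificate in $1 (openssl x509 only reads the first
# block, so on a bundle this tells you which cert is on top). RFC2253 output
# keeps the format stable across openssl versions.
first_cert_cn() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# Issuer of the FIRST certificate in $1; equal to the subject means self-signed.
first_cert_issuer_cn() {
  openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//'
}

# Does the leaf in $1 chain to a trust anchor found in $2? Prints "ok" or "fail".
# $2 may be the CA certificate alone or a bundle that contains the CA.
verify_chain() {
  if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
    echo ok
  else
    echo fail
  fi
}

# Stand-alone demo run: build the PKI in a temp dir and report on idpCert.pem.
demo_dir=$(mktemp -d)
build_demo_pki "$demo_dir"
echo "idpCert.pem holds $(count_certs "$demo_dir/idpCert.pem") certificate(s)"
echo "first cert subject: $(first_cert_cn "$demo_dir/idpCert.pem")"
echo "first cert issuer:  $(first_cert_issuer_cn "$demo_dir/idpCert.pem")"
echo "leaf verifies against CA file:     $(verify_chain "$demo_dir/signingcert.pem" "$demo_dir/signingcertCA.pem")"
echo "leaf verifies against chain bundle: $(verify_chain "$demo_dir/signingcert.pem" "$demo_dir/idpCert.pem")"
rm -rf "$demo_dir"
```

Run it as-is to see the demo; to check a real file, call count_certs, first_cert_cn and first_cert_issuer_cn on the copy of idpCert.pem and verify_chain on the leaf against whatever CA certificate the IdP published. If the first certificate's subject and issuer are identical the file holds a self-signed certificate rather than a leaf-plus-issuer chain, and if verify_chain prints fail the leaf was not issued by the CA you concatenated behind it.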