Create SAML Group

  1.  In the Settings menu, select Access Controls > Authentication method.
  2.  Select SAML as your authentication type. 
  3.  Click Configure Splunk to use SAML. 
  4.  On the SAML Groups page, click New Group or click Edit for a group you want to modify. 
  5.  Provide a name for the group. 
  6.  Determine the roles that you want to assign to this group by moving the desired roles from the left column to the right column. 
  7.  Click Save. 

SAML Configuration

  1. Click SAML Configuration
  2. Select the IDP metadata file downloaded from the previous step. Or copy the content and paste it into the IdP "Metadata Contents" field. 
  3. The SSO URL filed will be auto-populated by IDP metadata. However, if users encounter error message "session time out" error once redirected to DualShield SSO login. then change the SSO URL to: 

    http(s)://DualShieldFQDN:8074/appsso/login/kvps/DASApplicationName/SplunkName 

  4. There is a known bug below in Splunk v6.5.2 during verify SAML response. 

    To work around this bug, deselect the option "Verify SAML Response". However, If you prefer to verify SAML response, then check the last section "Verify SAML Response using the IdP's CA certificate".  

  5. In the "Entity ID" field, provide an ID for the the SP, e.g "Splunk"

  6. Click Save. 

Download Splunk Metadata

 Upon successfully completed SAML configuration on Splunk, SP Metadata will be ready for download. 


  1. Open SAML configuration panel again and click Download File in SP Metadata file filed.

 

Verify SAML Response using the IdP's CA certificate

  1. Download the IdP CA certificate from the DualShield Management Console
  2. Copy the CA certificate just downloaded to your Splunk server in the path Splunk/etc/auth/idpCerts/. The default name for the certificate is SSO Server.crt.
  3. In the Splunk SAML configuration, change the "IdP certificate path" to "SSO Server.crt" 
  4. Click Save.