Splunk Enterprise - SAML My Page SSO Configuration - RSA Ready Implementation Guide
Configure RSA Cloud Authentication Service
Perform these steps to configure RSA Cloud Authentication Service using My Page SSO.Procedure
- Enable My Page SSO by accessing the RSA Cloud Administration Console > Access > My Page > Single Sign-On (SSO). Ensure it is enabled and protected using two-factor authentication - Password and Access Policy.
- On the Applications > Application Catalog page, click Create from Template.
- Click Select for SAML Direct.
- On the Basic Information page, enter a name for the configuration in the Name field and click Next Step.
- On the Connection Profile page, click the IdP-initiated option.
- Provide the Service Provider details in the following format:
- ACS URL: <IP address :8000/saml/acs >
- Service Provider Entity ID: <Entity Id>
This Entity ID is a configurable value on Splunk.
Refer to the Configure Splunk Enterprise section to obtain ACS URL and Entity ID.
- In the SAML Request Protection section, select the SP signs SAML requests checkbox and upload the certificate that is obtained from the Splunk Enterprise platform.
- In the SAML Response Protection section, choose IdP signs assertion within response and select the Override default signing key and certificate checkbox.
- To generate the certificate, click Generate Cert Bundle and then extract the generated folder. Upload the private.key and cert.pem files.
- Click Show Advanced Configuration.
- Under the User Identity section, configure Identifier Type and Property. For example, Identifier Type: Auto Detect and Property: Auto Detect.
- Under the Statement Attributes section, add the following Attributes.
- Attribute Name: mail Attribute Source: Identity Source Property: mail
- Attribute Name: Role Attribute Source: Identity Source Property: virtualGroups
- Attribute Name: realName Attribute Source: Identity Source Property: userName
- Choose your desired Access Policy for this application and click Next Step > Save and Finish.
- On the My Applications page, click the Edit drop-down and select Export Metadata to download the metadata.
- Click Publish Changes. Your application is now enabled for SSO.
Configure Splunk Enterprise
Perform these steps to configure Splunk Enterprise.Procedure
- Sign in to Splunk Enterprise with administrator credentials.
- Navigate to Settings and click Authentication methods.
- Choose the SAML option and click SAML Settings.
- Click SAML Configuration.
- Under SAML Configuration, download the SP Metadata File (Download File), upload (Metadata XML File) the IdP Metadata file downloaded from RSA, and click Apply.
- In General Settings:
- IdP details are auto-filled.
- Entity ID: Provide a unique ID/value, which is used as Service Provider entity ID in RSA configuration. For example, SplunkEntityId.
- Select the Sign AuthnRequest checkbox.
- Under Advanced Settings, do the following:
- Name Id Format: Select Email Address in the drop-down list.
- Fully qualified domain name or IP of the load balancer: Provide IP address or FQDN of Splunk instance.
- Redirect port -load balancer port: Type 0.
- Click Save.
- Click New Group to create a new group.
- Provide the Group Name, add the required Splunk Roles, and Click Save.
- Navigate to Settings > Authentication methods and click Reload authentication configuration.
Notes
- Log on to Splunk Enterprise.
- Navigate to Settings > Authentication methods and click SAML Settings > New Group to create a new group.
On the RSA Cloud Administration Console, click Users > Management.
Search for the user and select the user.
RSA users need to be part of a Group Membership and the group value should be the same as Splunk Enterprise Group as shown in the preceding figure.
The configuration is complete.
Return to Splunk Enterprise - RSA Ready Implementation Guide.
