Realizing SAML authentication using Auth0 (Splunk Cloud)

Security business menu

Security business
HOME

To be elected
cause

Service

Handling Manufacturer

Examples/reports/
Blog/Glossary

Seminar/
video on demand

TOP

Products/Services

product
- Okta Workforce Identity
- Auth0

Specifications/Technical Information

Specifications/Technical Information
- Okta Workforce Identity Basic Setup Guide
- Auth0 Basic Setup Guide

solution

solution
- Okta Solutions - Zero Trust with Okta

User stories

support

- Macnica Support

Seminar content

Document request

inquiry

Event/Seminar

video on demand

Okta

Octa

Introduction

Auth0 can integrate SAML with both Service Provider (SP) and Identity Provider (IdP).

The SP uses the user account managed by the external IdP to log in to the Auth0 linked application.
External IdP integration (SAML) with Auth0 Enterprise Connection function

The IdP uses user accounts managed by Auth0 to achieve authentication in applications.

This page introduces how to implement SAML authentication (SP-initiated) for Splunk Cloud using Auth0 and an example of how it works.

premise

The information on functions and settings described on this page is current as of June 2023.

In addition, Splunk Cloud uses the trial environment (Ver.9.0.2209.2) that can be issued from Splunk Cloud Trial.

Setting overview

The settings required to achieve Splunk Cloud SAML authentication with Auth0 are as follows.

1. Splunk Cloud Configuration 1 (SAML SP)

Get SP metadata to set Auth0 as IdP

2. Auth0 settings (SAML IdP)

Application creation for setting Splunk Cloud as SP
Granting Auth0 Roles to Auth0 Users
Create a Rule to customize the SAML response

3. Splunk Cloud Configuration 2 (SAML SP)

SAML settings
SAML group creation and Splunk role grant

The definitions of users, roles and groups in the setting example are as follows.

Auth0 settings		Splunk Cloud settings
A user	Auth0 role	SAML group	Splunk roll
Auth0 user	admin	admin	sc_admin

Auth0 Roles and SAML Groups
During SAML authentication, assign the Auth0 user to a SAML group in Splunk Cloud based on the Auth0 role associated with the Auth0 user. Auth0 role information is passed to Splunk Cloud via SAML response. The process of including Auth0 role information in the SAML response is achieved by Auth0's Rules function.

supplement

Auth0 provides the Actions feature as the successor to the Rules feature. However, customizing SAML responses with the Actions feature is currently not supported.
Migrate from Rules to Actions - Auth0 docs

SAML groups and Splunk roles
By assigning Splunk roles to SAML groups, you define the functions available on Splunk Cloud depending on which SAML group an Auth0 user belongs to.

Setting Example

1. Splunk Cloud Configuration 1 (SAML SP)

Get SP metadata to set Auth0 as IdP

In the Splunk Cloud dashboard, click Settings > Authentication methods

Select SAML and click Configure Splunk to use SAML

Click Download File to download the SP metadata file

2. Auth0 configuration (SAML IdP)

Application creation for setting Splunk Cloud as SP

On the Auth0 admin screen, click Applications > Applications
Click [+ Create Application]

Set the following and click [Create]

Name: Set any name
Choose an application type: Select "Regular Web Applications"

In the [Addons] tab, click [SAML2 WEB APP]

In the [Addons] tab, click [SAML2 WEB APP]

In the Usage tab, download Identity Provider Metadata

In the Usage tab, download Identity Provider Metadata

Add Application Callback URL and Settings on the [Settings] tab according to the contents of the SP metadata file obtained in "1. Splunk Cloud Settings (1) (SAML SP)"

Application Callback URL: URL to send SAML assertions to SP after authentication
nameIdentifierFormat: NameID format (specify email address)
nameIdentifierProbes: Values to use for NameID (specify email address value)
callback: URL to which Auth0 requests logout
slo_enabled(true): Request logout to SP side when logging out on IdP side
signatureAlgorithm: Signature algorithm to use for SAML Assertion/Response (specify RSA-256)
signingCert: Public key certificate used to validate SAML Request

{
  "nameIdentifierFormat":"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ],
  "logout": {
    "callback": "{SingleLogoutService > Location > URLにて取得した値}",
    "slo_enabled": true
  },
  "signatureAlgorithm": "rsa-sha256",
  "signingCert": "-----BEGIN CERTIFICATE-----\n{X509Certificateの中身}\n-----END CERTIFICATE-----\n"
}

Add Application Callback URL and Settings on the [Settings] tab according to the contents of the SP metadata file obtained in "1. Splunk Cloud Settings (1) (SAML SP)"

Click [Enable]

Confirm that the settings are reflected correctly

Confirm that the settings are reflected correctly

Confirm that [SAML2 WEB APP] is ON

Granting Auth0 Roles to Auth0 Users

Grant Auth0 role: admin to Auth0 user

Create a Rule to customize the SAML response

On the Auth0 admin screen, click [Auth Pipeline] > [Rules]
Click + Create

Click [<> Empty rule]

Set the following and click [Save Changes]

Name: Set any name
Script: Describe the process of embedding the login user's role information in the SAML response

function (user, context, callback) {
	// Get the user roles from the Authorization context
	const assignedRoles = (context.authorization || {}).roles;
	// Update the user object.
	user.rolez = assignedRoles;
	callback(null, user, context);
}

Set the following and click [Save Changes]

Confirm that it is reflected correctly

3. Splunk Cloud Configuration 2 (SAML SP)

SAML settings

Click [Select File] and upload the Identity Provider Metadata file obtained in "2. Auth0 Settings (SAML IdP)"

Set the following and click [Save]

set entity id
* Set the value of the Entity ID described in the SP metadata obtained in "1. Splunk Cloud Settings (1) (SAML SP)"
Role Alias: http://schemas.auth0.com/rolez
*Role aliases defined in the Auth0 Rules function in "2. Auth0 Settings (SAML IdP)"
Alias for RealName: http://schemas.auth0.com/nickname
Email alias: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

SAML group creation and Splunk role grant

Click [New Group]

Set the following and click [Save]

Group Name: Same name as the corresponding Auth0 role
Splunk role: select the Splunk role to assign

Operation example

1. Access Splunk Cloud with a web browser and transition to the login screen provided by Auth0

2. Log in as an Auth0 user with Auth0 roles

Splunk Cloudダッシュボードで、[設定] > [Authentication methods]をクリック

3. Confirm that the login process is completed and the Splunk Cloud dashboard is displayed

4. Click Settings > Users and make sure the Auth0 user is listed and has the intended Splunk role

[設定] > [ユーザ]をクリックし、Auth0ユーザが表示されていること、意図したSplunkロールが付与されていることを確認

5. Confirm that the Auth0 login screen is displayed again after logging out

in conclusion

On this page, we introduced an example of implementing SAML authentication using Auth0, using Splunk Cloud as an example. By implementing SAML authentication with Auth0, you can use multi-factor authentication and Auth0's login security features together.
You can also try the SAML authentication function in the free Auth0 trial environment. If you are interested in Auth0's SAML authentication capabilities, please contact us.

reference

Click here for a list of Customer Identity Cloud (Auth0) basic setting operation guides

Inquiry/Document request

In charge of Macnica Okta Co., Ltd.

inquiry Document request

TEL：045-476-2010
E-mail：okta@macnica.co.jp

Weekdays: 9:00-17:00

Site Search