The SAML Utilities add-on for Splunk adds a command named saml to the Splunk search language, which can be used to parse encoded SAML messages in Splunk searches.
SAML Utilities is a standard Splunk add-on and requires no special configuration.
The saml command is implemented as a single search command which can be used to parse encoded SAML messages.
Usage: saml field
The following example will parse a Base64 encoded SAML AuthnRequest and return a decoded XML string.
... | saml SAMLRequest
field: The Splunk field to parse. This field should contain either a Base64 encoded XML string or a plain text XML string (multi-line XML strings are supported).
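To see what this kind of decoding involves when checking a field value outside Splunk, the following is an added example, not the add-on's own code. It accepts the two input forms listed above and, as an assumption that goes beyond this page, also inflates HTTP-Redirect binding values (raw DEFLATE before Base64); the sample message and the names decode_saml and summarize are constructed for illustration.

```python
import base64
import binascii
import zlib
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
MAX_XML_BYTES = 1_000_000  # cap inflated size so a crafted value cannot exhaust memory

# Constructed sample AuthnRequest (hypothetical SP and IdP names), not real traffic.
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example123" Version="2.0" '
    'IssueInstant="2024-01-01T00:00:00Z" Destination="https://idp.example.com/sso">'
    '<saml:Issuer>https://sp.example.com/metadata</saml:Issuer></samlp:AuthnRequest>'
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def decode_saml(value):
    """Return XML text for a field holding plain text or Base64 encoded SAML."""
    stripped = value.strip()
    if stripped.startswith("<"):
        return stripped  # already plain text XML, possibly multi-line
    try:
        raw = base64.b64decode("".join(stripped.split()), validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("field is neither XML nor valid Base64") from exc
    if raw.lstrip()[:1] != b"<":
        # Assumption beyond the page: HTTP-Redirect values are raw DEFLATE under the Base64
        try:
            raw = zlib.decompressobj(-15).decompress(raw, MAX_XML_BYTES)
        except zlib.error as exc:
            raise ValueError("decoded bytes are not XML") from exc
    return raw.decode("utf-8")


def summarize(xml_text):
    """Pull the attributes an analyst usually pivots on out of a decoded message."""
    # A SAML message has no need for a DTD; refuse one rather than let the parser expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD found in SAML message")
    root = ET.fromstring(xml_text)
    issuer = root.find("{%s}Issuer" % SAML_NS)
    return {
        "message": root.tag.split("}")[-1],
        "id": root.get("ID"),
        "destination": root.get("Destination"),
        "issuer": issuer.text.strip() if issuer is not None and issuer.text else None,
    }
```
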
https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security
http://en.wikipedia.org/wiki/Security_Assertion_Markup_Language
Commented invalid keys (comments) in commands.conf to suppress Splunk startup errors.