Configure SAML SSO in the configuration files

[authentication]
authSettings = saml_settings
authType = SAML
[roleMap_SAML]
admin = Super Admin;
power = Power Admin;
user = <list roles> Admin;Employee;  
[saml_settings]
entityId = <entityid>
idpAttributeQueryUrl = <optional path to the Attribute query> https://your path/idp/attrsvc.ssaml2
idpCertPath = <path to the idp cert in Splunk> /home/user/splunk/saml-install/etc/auth/ping_idp.crt.>
idpSSOUrl = <path to the sso url> https://your path/idp/SSO.saml2. 
idpSLOUrl = <Logout url. If not specified, this will be treated as a typical sso and the logout button will be disabled. 
https://your path/idp/SLO.saml2 # 
redirectPort=443
attributeQueryTTL = 3600
signAuthnRequest = true
signedAssertion = true
attributeQueryRequestSigned = <Set to true if using optional idpAttributeQuerySSL>
attributeQueryResponseSigned = <Set to true if using optional idpAttributeQuerySSL>
attributeQuerySoapPassword = <your password>
attributeQuerySoapUsername = <your username> 

nameIDFormat = (optional) Specify the format of the subject that is returned in the SAML response. AzureAD returns a string to identify the subject and this attribute lets you optionally specify a different format (we recommend email address). This can be useful for auditing and saved searches. To specify email address as the format, use: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

role = Populate this field if you use Azure AD for SSO or ADFS. This value tells Splunk Enterprise the attribute that supplies role information in the SAML response returned. For Azure AD, use: http://schemas.microsoft.com/ws/2008/06/identity/claims/groups

mail = This value maps the alias to the user email addresses in the SAML response returned. For Azure AD, use: http://schemas.microsoft.com/identity/claims/displayname

realName = This tells Splunk Enterprise where to map the real name in the SAML response returned. For Azure AD use: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress.

[settings]
appServerPorts = 7065 <make sure this attribute is enabled>
ssoAuthFailureRedirect = http://10.140.31.19:7000/ui/en-us/account/sso_error <this is your custom user redirect for failed logins>

sslVersions = <recommended settings tls1.1 and tls1.2>
sslCommonNameToCheck = <commonName> If this value is set, and 'sslVerifyServerCert' is set to true, splunkd will limit most outbound HTTPS connections to hosts which use a cert with this common name. If not set, Splunk uses the setting specified in server.conf.
sslAltNameToCheck = <alternateName1>, <alternateName2> If this value is set, and 'sslVerifyServerCert' is set to true, splunkd will also be willing to verify certificates which have a so-called "Subject Alternate Name" that matches any of the alternate names in this list. If not set, Splunk uses the setting specified in server.conf.
ecdhCurveName = <string> ECDH curve to use for ECDH key negotiation. If not set, Splunk uses the setting specified in server.conf.
sslKeysfile = <server certificate file>. Certificates are auto-generated by splunkd upon starting Splunk but you can replace the default cert with your own PEM format file. Default is server.pem. If not set, Splunk uses the setting specified in server.conf. This setting is valid for all IdPs.
sslKeysfilePassword = <server certificate password> This setting is valid for all IdPs.
caCertFile = <fPublic key of the signing authority, default is cacert.pem> If not set, Splunk uses the setting specified in server.conf.
caPath = <path where all these certs are stored, the default is $SPLUNK_HOME/etc/auth>
sslVerifyServerCert = [ true | false ] Used by distributed search: when making a search request to another server in the search cluster. If not set, Splunk uses the setting specified in server.conf.