topic Re: insecure login for one app? in Security

insecure login for one app?

heterodyned — Sat, 13 Nov 2010 21:59:06 GMT

Hey Team,

I created a custom app to enable charting, and tried setting up an insecure login feature ( inorder to embed the charts in a webpage), for some reason it is throwing me a 403 forbidden. Our splunk server is configured with LDAP configuration, was just wondering if its possible to change the authentication mode for that particular APP alone? or am I going wrong somewhere? the embed string I am trying to use is

http://splunk:8000/en_US/account/insecurelogin?username=admin&password=changeme&return_to=/app/TEST/sample_dashboard

Thanks once again

- Raghu

Re: insecure login for one app?

southeringtonp — Sat, 13 Nov 2010 23:47:44 GMT

It's a system-wide feature. You can't enable/disable it on a per-app basis.

As a workaround, you can create a dedicated instance of Splunk, and enable insecure authentication there, and configure it to be a dedicated search head with just that app.

Re: insecure login for one app?

heterodyned — Sun, 14 Nov 2010 12:44:58 GMT

Did i catch you wrong with dedicated instance? you mean like a dedicated indexer? wherein all forwarders send the data?

Re: insecure login for one app?

heterodyned — Sun, 14 Nov 2010 20:18:31 GMT

Infact while I set up the web.conf within the app, with insecure login, it seems to be permitting insecure login with other apps as well. So I am guessing that web.conf setup is also a system wide feature, I think this woould mean to setup a separate Distributed search head? which would have insecure login?

-
Raghu

Re: insecure login for one app?

southeringtonp — Sun, 14 Nov 2010 23:10:13 GMT

Yes - it would be a search head that performs no indexing. It would query the indexer via distributed search. Enabling insecure authentication would apply to all apps installed on that search head. However, a search head does not need to have every app installed. You can install just the app(s) that are needed to render your dashboard.

Re: insecure login for one app?

heterodyned — Sun, 14 Nov 2010 23:28:51 GMT

Would that require an enterprise license? Our central server is on enterprise license, so basically this search head can query the indexed data right? Shouldnt require a separate license for the search head right? Pardon me for this silly question

Re: insecure login for one app?

southeringtonp — Mon, 15 Nov 2010 02:20:17 GMT

Distributed search does require an enterprise license. You could probably get by with the free forwarder license on the search head, but it looks like you'd still need an Enterprise license for the indexer, so it wouldn't help much. See here for the comparison of licenses - http://www.splunk.com/base/Documentation/4.1.5/Installation/AboutSplunklicenses

Re: insecure login for one app?

heterodyned — Thu, 25 Nov 2010 15:29:25 GMT

Thanks! I do have the enterprise license, now I shall create a separate distributed search instance! 🙂 ( by adding the forwarder license)