All Apps and Add-ons
Highlighted

Does Splunk ODBC work with Single Sign On (SSO)?

Explorer

Our Enterprise Splunk instance is SSO enabled using Ping Fed. Will this work and if so does the user just put in "domain/userid" and their AD "password" into the setup?
Also we are running a Search Head Cluster so I would assume we point this at the VIP we have setup for the F5.

0 Karma
Highlighted

Re: Does Splunk ODBC work with Single Sign On (SSO)?

Builder

No, Splunk ODBC will not use Single Sign-On. You will need to configure ODBC to connect with either admin or another local account you created in splunk.

Is the splunk management port 8089 open through your F5? If so then yes you can point it at your VIP.

View solution in original post

0 Karma
Highlighted

Re: Does Splunk ODBC work with Single Sign On (SSO)?

Explorer

I'll have to do some checking as the way SSO is setup any time we hit that VIP name it sends it to Ping Fed. Also if the individual server names are used it's rerouted through SSO so there is basically no way, that I know of, to use a local account. I'm not sure if all of that is true hitting the management port but I'll find out.

Thanks for the info, I figured that was the case but hadn't found anything that specifically says that.

0 Karma
Highlighted

Re: Does Splunk ODBC work with Single Sign On (SSO)?

Builder

SSO is done through the splunk web port (8000 by default). This is open at your VIP if it's already working. Local authentication still works even if SSO is enabled, ie:
https://yourSplunkSH1.yourdomain.com:8000/en-US/account/login?loginType=splunk

Splunk ODBC talks to the search head using splunk api through the management port 8089. This may or may not be open at the F5, you will need to confirm.

0 Karma
Highlighted

Re: Does Splunk ODBC work with Single Sign On (SSO)?

Explorer

Thanks for the local auth link, yea I'm checking the F5 config.

0 Karma