All Apps and Add-ons
Highlighted

How can I integrate Identity Manager (IdM) with Splunk?

Communicator

Hello Splunkers.

How can I integrate IdM (Identity Manager) with Splunk?
For LDAP data, I'm using the Splunk Support for Active Directory add-on so I can run a ldapsearch command.

But I'm kind of lost on how to integrate IdM (IdM by Novell).

Any ideas?

Thank you all!
Regards

0 Karma
Highlighted

Re: How can I integrate Identity Manager (IdM) with Splunk?

Explorer

I'm not sure about Novell IdM, but many IdM providers use the SAML protocol to authenticate users.

You can configure SAML authentication according to the following documentation: http://docs.splunk.com/Documentation/Splunk/6.5.0/Security/HowSAMLSSOworks

If it doesn't support SAML, try to figure out which protocols it does support and you may find an app to integrate with it.
Worst-case, you can use Splunk's scripted authentication interface or the Linux PAM interface to pass through the authentication from the servers that Splunk runs on.

http://docs.splunk.com/Documentation/Splunk/6.5.0/Security/ConfigureSplunkToUsePAMOrRADIUSAuthentica...

0 Karma
Highlighted

Re: How can I integrate Identity Manager (IdM) with Splunk?

Communicator

In fact, what I want is to get the identity data that is at IdM.
For example, I can get an ID from application logs, and I want to get the login e user name on IdM that correlates to this ID.

I think that Splunk Support for Active Directory add-on can help me on this one, I'm not sure how to configure it.

0 Karma
Highlighted

Re: How can I integrate Identity Manager (IdM) with Splunk?

Communicator

I'm trying to use the Splunk Support for Active Directory add-on, but I receive the following error:

idmprd01.bnet: Could not access the directory service at ldap://idmprd01.bnet:389

Here is my ldap.conf

[bnet]
alternatedomain = bnet\
basedn = dc=bnet
binddn = splunk
password =
server = idmprd01.bnet
ssl = 0

Any ideas?

0 Karma
Highlighted

Re: How can I integrate Identity Manager (IdM) with Splunk?

Splunk Employee
Splunk Employee

You will need to file a ticket and have them open port to LDAP and you better use LDAPs (usually port 636 i believe)

but best to configure SAML using the authentication settings.

0 Karma
Highlighted

Re: How can I integrate Identity Manager (IdM) with Splunk?

Communicator

I ended up creating a shell script that creates a dump from IdM and it is indexed in Splunk.
For my needs, it worked.

View solution in original post

0 Karma
Highlighted

Re: How can I integrate Identity Manager (IdM) with Splunk?

Communicator

hi, could you let me know abput this script?, i have the same problem

0 Karma