How can I integrate IdM (Identity Manager) with Splunk?
For LDAP data, I'm using the Splunk Support for Active Directory add-on so I can run a
But I'm kind of lost on how to integrate IdM (IdM by Novell).
Thank you all!
I'm not sure about Novell IdM, but many IdM providers use the SAML protocol to authenticate users.
You can configure SAML authentication according to the following documentation: http://docs.splunk.com/Documentation/Splunk/6.5.0/Security/HowSAMLSSOworks
If it doesn't support SAML, try to figure out which protocols it does support and you may find an app to integrate with it.
Worst-case, you can use Splunk's scripted authentication interface or the Linux PAM interface to pass through the authentication from the servers that Splunk runs on.
In fact, what I want is to get the identity data that is at IdM.
For example, I can get an ID from application logs, and I want to get the login e user name on IdM that correlates to this ID.
I think that Splunk Support for Active Directory add-on can help me on this one, I'm not sure how to configure it.
I'm trying to use the Splunk Support for Active Directory add-on, but I receive the following error:
idmprd01.bnet: Could not access the directory service at ldap://idmprd01.bnet:389
Here is my ldap.conf
[bnet] alternatedomain = bnet\ basedn = dc=bnet binddn = splunk password = server = idmprd01.bnet ssl = 0
You will need to file a ticket and have them open port to LDAP and you better use LDAPs (usually port 636 i believe)
but best to configure SAML using the authentication settings.
I ended up creating a shell script that creates a dump from IdM and it is indexed in Splunk.
For my needs, it worked.