Archive

How to setup DOD CAC Login for Splunk Web

Communicator

I have been asked to ensure that the DOD CAC can be used to log into the Splunk Search Heads. Does anyone know how to do this? Is there any documentation somewhere i can reference.

Thanks much.

Tags (2)
0 Karma

In our environment, users log in to their workstations with a card that is similar to DOD CAC. Their authentication is done with an ADFS server. When they access Splunk, we are using SAML authentication to verify their identity. Is this what you're looking for? If so, there are a few options:

  1. Your users are all in the same "user" role bucket and don't need a lot of specialized roles - in this case, you can use Splunk SAML authentication to pass UPN values.
  2. Your users have different roles, and those roles can be maintained in your ADFS records - in this case, you can still use Splunk SAML authentication, and ADFS will pass UPN and role info.
  3. Your users have different roles, and those roles need to be managed within Splunk, because you can't be bothering the ADFS team to manage those roles - in this case, you can wrap Splunk with Apache, acting as a reverse proxy, and shibboleth, which manages the SAML.
0 Karma

Communicator

Thanks so much for the response. No i was more looking into how to get them to log into Splunk using the CAC without involving any third party tools. Is that possible?

0 Karma

Do you mean you want them to use a CAC to log in without having some kind of SSO identity provider, such as ADFS? I don't know of any such way to do that. But if Splunk is running in a traditional enterprise environment where users a logging into their workstations with a CAC, then integration with ADFS is pretty straightforward.

0 Karma

Communicator

As it turns out splunk does not have any direct method. So they provided documentation to utilize a proxy with the CAC.

0 Karma