In our environment, users log in to their workstations with a card that is similar to DOD CAC. Their authentication is done with an ADFS server. When they access Splunk, we are using SAML authentication to verify their identity. Is this what you're looking for? If so, there are a few options:
Do you mean you want them to use a CAC to log in without having some kind of SSO identity provider, such as ADFS? I don't know of any such way to do that. But if Splunk is running in a traditional enterprise environment where users a logging into their workstations with a CAC, then integration with ADFS is pretty straightforward.