Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Session timeout not only for user inactivity- Is there a way to set a "global" session timeout?

clotti_splunk
Splunk Employee
Splunk Employee
‎07-19-2019 02:28 AM

Hi guys,
is there any way to set a "global" session timeout?
Not only for user inactivity but for all users even if they are working!
(I know, this look like a stupid question, but the customer asked it for security reason).
Many thanks.

Reply

splunkreal
Influencer
‎08-05-2022 12:30 AM

Hello, this is really needed feature, also it seems http tokens are not accurate, I had one user without any more token and still doing searches. Thanks.

* If this helps, please upvote or accept solution if it solved *
0 Karma
Reply

clotti_splunk
Splunk Employee
Splunk Employee
‎07-22-2019 12:15 AM

Found the solution (thanks to Support). Sharing it for who is interested:

Within Splunk all user session timeouts are the result of inactivity, so we effectively only close sessions if they exceed the configured idle time and we provide no mechanism to force sessions to expire/terminate.

However, while it's not a supported feature we do track session tokens, so you could fashion your own solution to delete specific tokens (authentication/httpauth-tokens):

https://docs.splunk.com/Documentation/Splunk/7.2.1/RESTREF/RESTaccess#authentication.2Fhttpauth-toke...

You could query the endpoint to list out all session tokens, then delete the token, for example:

curl -k -u admin:changeme https://localhost:8089/services/authentication/httpauth-tokens

curl -k -u admin:changeme --request DELETE https://localhost:8089/services/authentication/httpauth-tokens/vdZv2eB9F0842dyJhrIEiGNTcBMpBeGuwGPYx...

As mentioned above we provide no official mechanism for doing this, but you should be able to use the above to achieve the same result.

Alternatively, since you have CA-Siteminder you should be able to enforce session time limits, through WebAgent-OnAuthAccept-Session-MaxTimeout for example - just note that I am not overly familiar with CA-Siteminder so can't advise on how this should be configured.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...