Getting Data In

Splunk SSO with mod_auth_kerb

dmesler
Explorer

I'm trying to enable SSO by proxying from Apache w/ mod_auth_kerb. The problems seems to be the contents of Remote-User include the @REALM. Is there some way to strip the realm from Remote-User in Apache or configure Splunk to ignore it?

Tags (2)
1 Solution

dmesler
Explorer

Upgrading mod_auth_kerb wasn't an option. Fortunately I had success adding this:

RequestHeader edit REMOTE_USER "@REALM$" ""

Thanks though.

View solution in original post

dmesler
Explorer

Upgrading mod_auth_kerb wasn't an option. Fortunately I had success adding this:

RequestHeader edit REMOTE_USER "@REALM$" ""

Thanks though.

View solution in original post

ziegfried
Influencer

mod_auth_kerb >= 5.4 allows you to configure KrbLocalUserMapping On in your Apache configuration which will strip the realm part off the remote user sent to Splunk.

.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!