I'm trying to enable SSO by proxying from Apache w/ mod_auth_kerb. The problems seems to be the contents of Remote-User include the @REALM. Is there some way to strip the realm from Remote-User in Apache or configure Splunk to ignore it?
mod_auth_kerb >= 5.4 allows you to configure KrbLocalUserMapping On in your Apache configuration which will strip the realm part off the remote user sent to Splunk.
Upgrading mod_auth_kerb wasn't an option. Fortunately I had success adding this:
RequestHeader edit REMOTE_USER "@REALM$" ""
View solution in original post