Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

What is the procedure to migrate splunk auth mode

splunkgk
Path Finder
‎04-17-2017 12:18 AM

Hi I am suing splunk enterprise version 6.5 and my current authentication mode is LDAP. What is the procedure to migrate the auth mode from LDAP to SSO. What are the necessary files i need to take backup for this.

-Thanks

Tags (1)
0 Karma
Reply

jonmargulies
Path Finder
‎04-17-2017 04:07 AM

There's actually a lot to this, so you should start by heading to this link, which contains many docs that describe the process in detail: http://docs.splunk.com/Documentation/Splunk/6.5.3/Security/HowSAMLSSOworks

There are actually three major sections in that document tree that may help: "Authentication using single sign-on with SAML", "Authentication using Proxy SSO", and "Authentication using single sign-on with reverse proxy".

Which one you need will depend on how you plan to implement SSO. If you have a SAML solution (such as Microsoft ADFS) and plan to use LDAP/Active Directory group membership to set Splunk user roles, the SAML method is pretty easy to set up using the SplunkWeb (and coordination with your ADFS admin). If your setup is more complicated than that, you'll have to go with one of the proxy solutions, which are a good deal more complicated (but once you have them working you can largely set and forget).

0 Karma
Reply

splunkgk
Path Finder
‎05-12-2017 02:49 AM

Thanks for reply.
I followed with http://docs.splunk.com/Documentation/Splunk/6.6.0/Security/ConfigureSSOOneLogin. Now when i try to access http://8000/ its redirecting to onelogin page but adter entreing my onelogin credentials getting an error as
404 Not Found
Return to Splunk home page
Page not found!
View more information about your request (request ID = 5915509ea97f6ae40f16d0) in Search

What is the term "Audience" while configuring saml to splunk?

-thanks

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎04-17-2017 04:04 AM

You'll want to back up authentication.conf and authorize.conf. They should be in splunk_home/etc/system/local but you might want to use splunk_home/bin/splunk btool authentication list --debug And btool authorize list --debug to see if there are any other settings in other apps that need to be backed up too.

Other than that, I can't think of much of a process other than apply new settings and test...

I guess you want to identify which machines have web enabled and need to have sso enabled too...

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...