Knowledge Management

What is the procedure to migrate splunk auth mode

splunkgk
Path Finder

Hi I am suing splunk enterprise version 6.5 and my current authentication mode is LDAP. What is the procedure to migrate the auth mode from LDAP to SSO. What are the necessary files i need to take backup for this.

-Thanks

Tags (1)
0 Karma

jonmargulies
Path Finder

There's actually a lot to this, so you should start by heading to this link, which contains many docs that describe the process in detail: http://docs.splunk.com/Documentation/Splunk/6.5.3/Security/HowSAMLSSOworks

There are actually three major sections in that document tree that may help: "Authentication using single sign-on with SAML", "Authentication using Proxy SSO", and "Authentication using single sign-on with reverse proxy".

Which one you need will depend on how you plan to implement SSO. If you have a SAML solution (such as Microsoft ADFS) and plan to use LDAP/Active Directory group membership to set Splunk user roles, the SAML method is pretty easy to set up using the SplunkWeb (and coordination with your ADFS admin). If your setup is more complicated than that, you'll have to go with one of the proxy solutions, which are a good deal more complicated (but once you have them working you can largely set and forget).

0 Karma

splunkgk
Path Finder

Thanks for reply.
I followed with http://docs.splunk.com/Documentation/Splunk/6.6.0/Security/ConfigureSSOOneLogin. Now when i try to access http://8000/ its redirecting to onelogin page but adter entreing my onelogin credentials getting an error as
404 Not Found
Return to Splunk home page
Page not found!
View more information about your request (request ID = 5915509ea97f6ae40f16d0) in Search

What is the term "Audience" while configuring saml to splunk?

-thanks

0 Karma

jkat54
SplunkTrust
SplunkTrust

You'll want to back up authentication.conf and authorize.conf. They should be in splunk_home/etc/system/local but you might want to use splunk_home/bin/splunk btool authentication list --debug And btool authorize list --debug to see if there are any other settings in other apps that need to be backed up too.

Other than that, I can't think of much of a process other than apply new settings and test...

I guess you want to identify which machines have web enabled and need to have sso enabled too...

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...