Hi, I am using Splunk Enterprise version 6.5 and my current authentication mode is LDAP. What is the procedure to migrate the auth mode from LDAP to SSO? What are the necessary files I need to back up for this?
-Thanks
There's actually a lot to this, so you should start by heading to this link, which contains many docs that describe the process in detail: http://docs.splunk.com/Documentation/Splunk/6.5.3/Security/HowSAMLSSOworks
There are actually three major sections in that document tree that may help: "Authentication using single sign-on with SAML", "Authentication using Proxy SSO", and "Authentication using single sign-on with reverse proxy".
Which one you need will depend on how you plan to implement SSO. If you have a SAML solution (such as Microsoft ADFS) and plan to use LDAP/Active Directory group membership to set Splunk user roles, the SAML method is pretty easy to set up using the SplunkWeb (and coordination with your ADFS admin). If your setup is more complicated than that, you'll have to go with one of the proxy solutions, which are a good deal more complicated (but once you have them working you can largely set and forget).
Thanks for the reply.
I followed http://docs.splunk.com/Documentation/Splunk/6.6.0/Security/ConfigureSSOOneLogin. Now when I try to access http://8000/ it redirects to the OneLogin page, but after entering my OneLogin credentials I get this error:
404 Not Found
Return to Splunk home page
Page not found!
View more information about your request (request ID = 5915509ea97f6ae40f16d0) in Search
What is the term "Audience" while configuring SAML for Splunk?
-thanks
You'll want to back up authentication.conf and authorize.conf. They should be in splunk_home/etc/system/local, but you might want to use splunk_home/bin/splunk btool authentication list --debug and btool authorize list --debug to see if there are any other settings in other apps that need to be backed up too.
Other than that, I can't think of much of a process other than apply new settings and test...
I guess you want to identify which machines have web enabled and need to have sso enabled too...
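The backup step from the answer above, as an added example that is not part of the original thread: it collects every file that btool reports as a source of authentication or authorize settings and copies it into an owner-only directory. The function names, the /opt/splunk paths and the corp_auth app in the sample are hypothetical, and the parsing assumes each --debug line begins with the source file path and that paths contain no whitespace.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: every line of
# `btool <conf> list --debug` starts with the absolute path of the file
# the setting came from, followed by whitespace and the setting itself.

# Print the unique source .conf files named in btool --debug output (stdin).
btool_source_files() {
    awk '$1 ~ /^\// && $1 ~ /\.conf$/ { print $1 }' | sort -u
}

# Copy each file listed on stdin under directory $1, keeping its full path.
# Directories are created owner-only: authentication.conf can hold the
# LDAP bind password, so the backup should not be world-readable.
backup_files() {
    dest=$1
    ( umask 077
      mkdir -p "$dest" && chmod 700 "$dest"
      while IFS= read -r f; do
          [ -f "$f" ] || continue            # skip paths that no longer exist
          mkdir -p "$dest$(dirname "$f")"
          cp -p "$f" "$dest$f"
      done )
}

# Run both btool queries from the answer and back up what they report.
# $1 is the Splunk install directory, $2 the backup destination.
backup_auth_conf() {
    splunk_home=$1 dest=$2
    for conf in authentication authorize; do
        "$splunk_home/bin/splunk" btool "$conf" list --debug
    done | btool_source_files | backup_files "$dest"
}

# Constructed sample of btool --debug output, to show the parsing step.
sample_btool_output() {
    cat <<'EOF'
/opt/splunk/etc/system/local/authentication.conf    [authentication]
/opt/splunk/etc/system/local/authentication.conf    authType = LDAP
/opt/splunk/etc/apps/corp_auth/local/authentication.conf  [corp_ldap]
/opt/splunk/etc/system/default/authentication.conf  authType = Splunk
EOF
}

# Prints the three distinct source files found in the sample.
sample_btool_output | btool_source_files
```

On a real instance, call backup_auth_conf with the install directory and a destination, and diff the copies against the live files after the SSO change to see exactly what moved.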