
What is the procedure to migrate splunk auth mode

splunkgk
Path Finder

Hi, I am using Splunk Enterprise version 6.5 and my current authentication mode is LDAP. What is the procedure to migrate the auth mode from LDAP to SSO? Which files do I need to back up for this?

-Thanks

0 Karma

jonmargulies
Path Finder

There's actually a lot to this, so you should start by heading to this link, which contains many docs that describe the process in detail: http://docs.splunk.com/Documentation/Splunk/6.5.3/Security/HowSAMLSSOworks

There are actually three major sections in that document tree that may help: "Authentication using single sign-on with SAML", "Authentication using Proxy SSO", and "Authentication using single sign-on with reverse proxy".

Which one you need will depend on how you plan to implement SSO. If you have a SAML solution (such as Microsoft ADFS) and plan to use LDAP/Active Directory group membership to set Splunk user roles, the SAML method is pretty easy to set up using the SplunkWeb (and coordination with your ADFS admin). If your setup is more complicated than that, you'll have to go with one of the proxy solutions, which are a good deal more complicated (but once you have them working you can largely set and forget).

0 Karma

splunkgk
Path Finder

Thanks for the reply.
I followed http://docs.splunk.com/Documentation/Splunk/6.6.0/Security/ConfigureSSOOneLogin. Now when I try to access http://8000/ it redirects to the OneLogin page, but after entering my OneLogin credentials I get this error:
404 Not Found
Return to Splunk home page
Page not found!
View more information about your request (request ID = 5915509ea97f6ae40f16d0) in Search

What is the term "Audience" while configuring SAML for Splunk?

-thanks

0 Karma

jkat54
SplunkTrust

You'll want to back up authentication.conf and authorize.conf. They should be in splunk_home/etc/system/local, but you might want to use splunk_home/bin/splunk btool authentication list --debug and btool authorize list --debug to see if there are any other settings in other apps that need to be backed up too.

Other than that, I can't think of much of a process other than apply new settings and test...

I guess you want to identify which machines have web enabled and need to have sso enabled too...

0 Karma
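The backup step described in the answer above, as an added example that is not part of the thread and not Splunk's own tooling: it reads `btool ... list --debug` output, where each line is prefixed with the file that supplied the setting, extracts every contributing .conf file, and copies them into a backup tree. The function names, the backup destination and the sample output are constructed for illustration, and it assumes Linux paths without whitespace.

```shell
#!/bin/sh
# Added example: find and back up every authentication.conf / authorize.conf
# that contributes settings, based on `splunk btool <conf> list --debug`.

# Reads btool --debug output on stdin and prints the unique source file paths.
# Each btool --debug line starts with the path of the file that set the value.
conf_files_from_btool() {
    awk '$1 ~ /^\// && $1 ~ /\.conf$/ { print $1 }' | sort -u
}

# backup_conf_files DEST: reads file paths on stdin and copies each existing
# file to DEST/<original absolute path>, keeping mode and timestamps.
backup_conf_files() {
    dest=$1
    while IFS= read -r f; do
        [ -f "$f" ] || continue          # skip paths that no longer exist
        mkdir -p "$dest$(dirname "$f")"
        cp -p "$f" "$dest$f"
    done
}

# Constructed sample of btool output (app name and values are made up).
sample_btool_output() {
    cat <<'EOF'
/opt/splunk/etc/system/local/authentication.conf    [authentication]
/opt/splunk/etc/system/local/authentication.conf    authSettings = corp_ldap
/opt/splunk/etc/system/local/authentication.conf    authType = LDAP
/opt/splunk/etc/apps/acme_auth/local/authentication.conf    [corp_ldap]
/opt/splunk/etc/apps/acme_auth/local/authentication.conf    host = ldap.example.com
/opt/splunk/etc/system/default/authentication.conf  [cacheTiming]
EOF
}

# On a real instance (assumed destination directory):
#   for c in authentication authorize; do
#       "$SPLUNK_HOME/bin/splunk" btool "$c" list --debug
#   done | conf_files_from_btool | backup_conf_files /var/tmp/splunk-auth-backup

# Offline demonstration on the constructed sample: list the files found.
sample_btool_output | conf_files_from_btool
```

Take the backup before switching the authentication type, so the LDAP settings from every app can be restored together if the SSO login fails.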