Knowledge Management
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

What is the procedure to migrate splunk auth mode

splunkgk
Path Finder
‎04-17-2017 12:18 AM

Hi I am suing splunk enterprise version 6.5 and my current authentication mode is LDAP. What is the procedure to migrate the auth mode from LDAP to SSO. What are the necessary files i need to take backup for this.

-Thanks

Tags (1)
0 Karma
Reply

jonmargulies
Path Finder
‎04-17-2017 04:07 AM

There's actually a lot to this, so you should start by heading to this link, which contains many docs that describe the process in detail: http://docs.splunk.com/Documentation/Splunk/6.5.3/Security/HowSAMLSSOworks

There are actually three major sections in that document tree that may help: "Authentication using single sign-on with SAML", "Authentication using Proxy SSO", and "Authentication using single sign-on with reverse proxy".

Which one you need will depend on how you plan to implement SSO. If you have a SAML solution (such as Microsoft ADFS) and plan to use LDAP/Active Directory group membership to set Splunk user roles, the SAML method is pretty easy to set up using the SplunkWeb (and coordination with your ADFS admin). If your setup is more complicated than that, you'll have to go with one of the proxy solutions, which are a good deal more complicated (but once you have them working you can largely set and forget).

0 Karma
Reply

splunkgk
Path Finder
‎05-12-2017 02:49 AM

Thanks for reply.
I followed with http://docs.splunk.com/Documentation/Splunk/6.6.0/Security/ConfigureSSOOneLogin. Now when i try to access http://8000/ its redirecting to onelogin page but adter entreing my onelogin credentials getting an error as
404 Not Found
Return to Splunk home page
Page not found!
View more information about your request (request ID = 5915509ea97f6ae40f16d0) in Search

What is the term "Audience" while configuring saml to splunk?

-thanks

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎04-17-2017 04:04 AM

You'll want to back up authentication.conf and authorize.conf. They should be in splunk_home/etc/system/local but you might want to use splunk_home/bin/splunk btool authentication list --debug And btool authorize list --debug to see if there are any other settings in other apps that need to be backed up too.

Other than that, I can't think of much of a process other than apply new settings and test...

I guess you want to identify which machines have web enabled and need to have sso enabled too...

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...

Introduction to Splunk AI

How are you using AI in Splunk? Whether you see AI as a threat or opportunity, AI is here to stay. Lucky for ...