Security

After setting up SiteMinder SSO in our Splunk environment, How to Enable \ Configure Custom Logout Link to invalidate Siteminder session?

surendrasajwan
New Member

Hi Friends,

I have configured Siteminder SSO setup on our Splunk environment and it's working fine.
After SSO setup, the Logout link is disappeared from the top navigation after Siteminder setup which is known Splunk Implementation.

Need help on enabling the existing Logout link or custom Logout link on top navigation which we can be set to siteminder Logout URL as well to Splunk session logout too

I have checked for many of answers in the forum here, but none are resolving the issue.
Can someone please provide the inputs as it's a very common issue and must have some simple or complex answer, but surely some working answer.

Splunk version - 6.2.5

web.conf

root_endpoint = /
trustedIP = 127.0.0.1,

tools.proxy.on = false
splunkdConnectionTimeout = 120
remoteUser = SM-USER
SSOMode = strict
0 Karma

charliedgz
Path Finder

This is just a starter... but you can configure your dashboard to have a log out button and use javascript/jquery. Remember to drop your javascript files in etc/apps/appname/appserver/static/ and reference it in your form or dashboard xml tag as script="scriptname.js". In this javascript, I have a jquery function that uses ajax to get the splunk login and once it gets a successful response, it redirects to the sso homepage. The id name of the button is logout. There has to be a more robust way of doing this though, and once I find it I will update.

require(["jquery","splunkjs/mvc/simplexml/ready!"], function($) {
        $("#logout").on("click", function (){
        $.ajax({url: '../../account/logout',type: 'GET',success: function(response){
                window.location.href="<relative path to sso logout>"; }});
});
});

suarezry
Builder

"../../account/logout" may logout the user from Splunk. However, the user still has a valid SSO session from siteminder. If another user browses to a different SSO service then they are automatically granted access using the previous users session!

If you want to go this route then the safest way is to redirect the user to a static page that says "Please quit your browser to securely logout of SSO"

0 Karma

charliedgz
Path Finder

Well in the "relative path to sso logout" I have something similar to "../../account/logout" but for siteminder log out URL that kills the SSO session. Works for me, i have just had the issue on occasion, where it goes to an unauthorized message screen instead of the siteminder login screen.

0 Karma

suarezry
Builder

Even in that case, there's no guarantee that all the different Service Providers that participate in SSO will honor the logout request from the IdP. This is the well known single logout problem. This becomes more apparent as the size of your federation grows.

The safest course is to point your relative path to a static page that instructs the user to quit the browser to initiate logout from SSO.

0 Karma

charliedgz
Path Finder

Ok, understood. Thanks for the info!

0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

&#x1f342; Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...