Hi Friends,
I have configured Siteminder SSO setup on our Splunk environment and it's working fine.
After SSO setup, the Logout link is disappeared from the top navigation after Siteminder setup which is known Splunk Implementation.
Need help on enabling the existing Logout link or custom Logout link on top navigation which we can be set to siteminder Logout URL as well to Splunk session logout too
I have checked for many of answers in the forum here, but none are resolving the issue.
Can someone please provide the inputs as it's a very common issue and must have some simple or complex answer, but surely some working answer.
Splunk version - 6.2.5
web.conf
root_endpoint = /
trustedIP = 127.0.0.1,
tools.proxy.on = false
splunkdConnectionTimeout = 120
remoteUser = SM-USER
SSOMode = strict
This is just a starter... but you can configure your dashboard to have a log out button and use javascript/jquery. Remember to drop your javascript files in etc/apps/appname/appserver/static/ and reference it in your form or dashboard xml tag as script="scriptname.js". In this javascript, I have a jquery function that uses ajax to get the splunk login and once it gets a successful response, it redirects to the sso homepage. The id name of the button is logout. There has to be a more robust way of doing this though, and once I find it I will update.
require(["jquery","splunkjs/mvc/simplexml/ready!"], function($) {
$("#logout").on("click", function (){
$.ajax({url: '../../account/logout',type: 'GET',success: function(response){
window.location.href="<relative path to sso logout>"; }});
});
});
"../../account/logout" may logout the user from Splunk. However, the user still has a valid SSO session from siteminder. If another user browses to a different SSO service then they are automatically granted access using the previous users session!
If you want to go this route then the safest way is to redirect the user to a static page that says "Please quit your browser to securely logout of SSO"
Well in the "relative path to sso logout" I have something similar to "../../account/logout" but for siteminder log out URL that kills the SSO session. Works for me, i have just had the issue on occasion, where it goes to an unauthorized message screen instead of the siteminder login screen.
Even in that case, there's no guarantee that all the different Service Providers that participate in SSO will honor the logout request from the IdP. This is the well known single logout problem. This becomes more apparent as the size of your federation grows.
The safest course is to point your relative path to a static page that instructs the user to quit the browser to initiate logout from SSO.
Ok, understood. Thanks for the info!