Security

After setting up SiteMinder SSO in our Splunk environment, how to enable/configure a custom logout link to invalidate the SiteMinder session?

surendrasajwan
New Member

Hi Friends,

I have configured SiteMinder SSO on our Splunk environment and it's working fine.
After the SiteMinder SSO setup, the Logout link has disappeared from the top navigation, which is a known Splunk implementation.

I need help enabling the existing Logout link or a custom Logout link in the top navigation, which can be set to the SiteMinder logout URL as well as to the Splunk session logout.

I have checked many of the answers in the forum here, but none resolve the issue.
Can someone please provide input? It's a very common issue and must have some simple or complex answer, but surely some working answer.

Splunk version - 6.2.5

web.conf

root_endpoint = /
trustedIP = 127.0.0.1,

tools.proxy.on = false
splunkdConnectionTimeout = 120
remoteUser = SM-USER
SSOMode = strict
0 Karma

charliedgz
Path Finder

This is just a starter... but you can configure your dashboard to have a log out button and use JavaScript/jQuery. Remember to drop your JavaScript files in etc/apps/appname/appserver/static/ and reference them in your form or dashboard XML tag as script="scriptname.js". In this JavaScript, I have a jQuery function that uses AJAX to get the Splunk login and once it gets a successful response, it redirects to the SSO homepage. The id of the button is logout. There has to be a more robust way of doing this though, and once I find it I will update.

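require(["jquery", "splunkjs/mvc/simplexml/ready!"], function ($) {
    // Click handler for the dashboard button whose id is "logout"
    $("#logout").on("click", function () {
        $.ajax({
            url: '../../account/logout',   // ends the Splunk session
            type: 'GET',
            success: function (response) {
                // Only after Splunk answers, go on to the SSO logout URL
                window.location.href = "<relative path to sso logout>";
            }
        });
    });
});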

suarezry
Builder

"../../account/logout" may log the user out of Splunk. However, the user still has a valid SSO session from SiteMinder. If another user browses to a different SSO service then they are automatically granted access using the previous user's session!

If you want to go this route then the safest way is to redirect the user to a static page that says "Please quit your browser to securely log out of SSO".

0 Karma

charliedgz
Path Finder

Well, in the "relative path to sso logout" I have something similar to "../../account/logout", but for the SiteMinder logout URL that kills the SSO session. Works for me; I have just had the issue, on occasion, where it goes to an unauthorized message screen instead of the SiteMinder login screen.

0 Karma

suarezry
Builder

Even in that case, there's no guarantee that all the different Service Providers that participate in SSO will honor the logout request from the IdP. This is the well-known single logout problem. This becomes more apparent as the size of your federation grows.

The safest course is to point your relative path to a static page that instructs the user to quit the browser to initiate logout from SSO.

0 Karma

charliedgz
Path Finder

Ok, understood. Thanks for the info!

0 Karma
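
Added example, not part of the thread or of Splunk's code: a variant of the logout handler discussed above that always ends on the final page, whether the Splunk logout call succeeds, fails or times out, and that accepts only a local path as the destination. `STATIC_PAGE` is a hypothetical placeholder for the static "quit your browser" page suggested above; `logoutThenRedirect` and `isLocalPath` are names introduced here.

```javascript
// Added example, not from the thread. STATIC_PAGE is a hypothetical path.
var SPLUNK_LOGOUT = "../../account/logout";          // path used in the thread
var STATIC_PAGE = "/static/sso-logout-notice.html";  // hypothetical placeholder

// Accept only same-origin paths: no scheme, no protocol-relative "//host",
// no backslashes or control characters that browsers may normalise.
function isLocalPath(target) {
    return typeof target === "string" &&
        /^(\/|\.\.?\/)/.test(target) &&
        !/^\/[\/\\]/.test(target) &&
        !/[\\\x00-\x1f]/.test(target);
}

// ajax: function taking a jQuery-style settings object ($.ajax in a dashboard).
// navigate: function taking the final URL (window.location.assign in a browser).
// Returns the URL the user will be sent to.
function logoutThenRedirect(ajax, navigate, target) {
    var destination = isLocalPath(target) ? target : STATIC_PAGE;
    var done = false;
    function finish() {
        if (done) { return; }   // navigate once only
        done = true;
        navigate(destination);
    }
    ajax({
        url: SPLUNK_LOGOUT,
        type: "GET",
        timeout: 5000,          // a hung request must not strand the user
        complete: finish        // runs after success AND after error/timeout
    });
    return destination;
}

// Browser wiring; assumes jQuery is exposed as window.jQuery.
// Skipped when window/jQuery are absent (for example under Node).
if (typeof window !== "undefined" && typeof window.jQuery === "function") {
    window.jQuery("#logout").on("click", function () {
        logoutThenRedirect(
            function (settings) { return window.jQuery.ajax(settings); },
            function (url) { window.location.assign(url); },
            STATIC_PAGE
        );
    });
}
```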