Security

After setting up SiteMinder SSO in our Splunk environment, how to enable/configure a custom Logout link to invalidate the SiteMinder session?

surendrasajwan
New Member

Hi Friends,

I have configured Siteminder SSO setup on our Splunk environment and it's working fine.
After the SiteMinder SSO setup, the Logout link has disappeared from the top navigation, which is a known Splunk implementation.

Need help enabling the existing Logout link, or a custom Logout link, on the top navigation, which can be set to the SiteMinder logout URL as well as to the Splunk session logout.

I have checked many of the answers in the forum here, but none are resolving the issue.
Can someone please provide the inputs as it's a very common issue and must have some simple or complex answer, but surely some working answer.

Splunk version - 6.2.5

web.conf

root_endpoint = /
trustedIP = 127.0.0.1,

tools.proxy.on = false
splunkdConnectionTimeout = 120
remoteUser = SM-USER
SSOMode = strict
0 Karma

charliedgz
Path Finder

This is just a starter... but you can configure your dashboard to have a log out button and use javascript/jquery. Remember to drop your javascript files in etc/apps/appname/appserver/static/ and reference it in your form or dashboard xml tag as script="scriptname.js". In this javascript, I have a jquery function that uses ajax to get the splunk login and once it gets a successful response, it redirects to the sso homepage. The id name of the button is logout. There has to be a more robust way of doing this though, and once I find it I will update.

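require(["jquery", "splunkjs/mvc/simplexml/ready!"], function ($) {
    // Click handler for the dashboard button with id "logout"
    $("#logout").on("click", function () {
        // End the Splunk session, then send the browser to the SSO logout URL
        $.ajax({url: "../../account/logout", type: "GET", success: function (response) {
            window.location.href = "<relative path to sso logout>";
        }});
    });
});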

suarezry
Builder

"../../account/logout" may log the user out of Splunk. However, the user still has a valid SSO session from SiteMinder. If another user browses to a different SSO service then they are automatically granted access using the previous user's session!

If you want to go this route then the safest way is to redirect the user to a static page that says "Please quit your browser to securely logout of SSO"

0 Karma

charliedgz
Path Finder

Well, in the "relative path to sso logout" I have something similar to "../../account/logout" but for the SiteMinder logout URL that kills the SSO session. Works for me; I have just had the issue, on occasion, where it goes to an unauthorized message screen instead of the SiteMinder login screen.

0 Karma

suarezry
Builder

Even in that case, there's no guarantee that all the different Service Providers that participate in SSO will honor the logout request from the IdP. This is the well-known single logout problem. This becomes more apparent as the size of your federation grows.

The safest course is to point your relative path to a static page that instructs the user to quit the browser to initiate logout from SSO.

0 Karma

charliedgz
Path Finder

Ok, understood. Thanks for the info!

0 Karma
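
Added example, not part of any post in this thread: one way to combine the two suggestions above, ending the Splunk and SSO sessions in the background and then always landing on a static "quit your browser" page, even when a logout request fails. The helper names, the `failed` query parameter and `logged-out.html` are assumptions; it also assumes the SSO logout URL is same-origin and a browser with async/await support.

```javascript
// Added example (hypothetical helper names; not Splunk or SiteMinder code).
// Builds the final URL: the static page, plus which logout steps failed.
function landingTarget(results, landingPage) {
    const failed = results.filter(r => !r.ok).map(r => r.name);
    return failed.length
        ? landingPage + "?failed=" + encodeURIComponent(failed.join(","))
        : landingPage;
}

// httpGet(url) returns a promise that rejects on failure; navigate(url)
// changes the page. Both are injected so the flow runs without a browser.
async function chainedLogout({ httpGet, navigate, steps, landingPage }) {
    const results = [];
    for (const step of steps) {
        try {
            await httpGet(step.url);
            results.push({ name: step.name, ok: true });
        } catch (err) {
            // A failed step must not leave the user on the dashboard with
            // the remaining sessions alive: record it and keep going.
            results.push({ name: step.name, ok: false });
        }
    }
    // Other SSO services may keep their own sessions, so always end on the
    // static "quit your browser" page, never on a login screen.
    const target = landingTarget(results, landingPage);
    navigate(target);
    return { results, target };
}

// Wiring for the dashboard button with id "logout" from the post above.
function wireLogoutButton($, win) {
    $("#logout").on("click", function () {
        chainedLogout({
            httpGet: url => $.ajax({ url: url, type: "GET" }),
            navigate: url => { win.location.href = url; },
            steps: [
                { name: "splunk", url: "../../account/logout" },
                { name: "sso", url: "<relative path to sso logout>" }
            ],
            landingPage: "logged-out.html" // hypothetical static page
        });
    });
}
```

Inside the `require([...])` callback shown earlier in the thread, `wireLogoutButton($, window)` attaches the handler.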