I'm attempting to use integrate Shibboleth/SSO with Splunk. I am using Shibboleth, Apache & mod_proxy similar to these other Splunk users.
I am able to use SSO for Authentication ("verify that someone is who they claim they are."). Now I'm trying to figure out how to use SSO for Authorization ("process by which someone is allowed to be where they want to go, or to have information that they want to have.").
If I authenticate users using Apache, I can pass the "REMOTE_USER" HTTP Header to Splunk. This works fine. The Splunk Documentation then says I must Set up users in Splunk that match users in your authentication system.
Creating a Splunk user for every user coming in via the proxy can get tedious, and defeats the convenience of using external authentication. Can I just assign these users to a default role instead?
On a related question, can I assign different Splunk roles based on a HTTP Header?
Have you figured out how to configure to use Splunk with Shibboleth/SSO. I'm kind of lost now as i cannot find much documentation. Would you have any other information or how you got this to work?
There is an optional value you can add to your [saml] configuration.
defaultRoleIfMissing = rolenamehere
Full details of 'defaultRoleIfMissing' here: (applicable from v6.3+)