Security
Highlighted

Authenticate via SSO and assign users to the 'users' role by default?

Contributor

I'm attempting to use integrate Shibboleth/SSO with Splunk. I am using Shibboleth, Apache & mod_proxy similar to these other Splunk users.

I am able to use SSO for Authentication ("verify that someone is who they claim they are."). Now I'm trying to figure out how to use SSO for Authorization ("process by which someone is allowed to be where they want to go, or to have information that they want to have.").

If I authenticate users using Apache, I can pass the "REMOTE_USER" HTTP Header to Splunk. This works fine. The Splunk Documentation then says I must Set up users in Splunk that match users in your authentication system.

Creating a Splunk user for every user coming in via the proxy can get tedious, and defeats the convenience of using external authentication. Can I just assign these users to a default role instead?

On a related question, can I assign different Splunk roles based on a HTTP Header?

Highlighted

Re: Authenticate via SSO and assign users to the 'users' role by default?

Explorer

Hello stefanlasiewski

Have you figured out how to configure to use Splunk with Shibboleth/SSO. I'm kind of lost now as i cannot find much documentation. Would you have any other information or how you got this to work?

Thanks

0 Karma
Highlighted

Re: Authenticate via SSO and assign users to the 'users' role by default?

Builder

Try this doc and let me know if it works for you:
Splunk native SAML with Shibboleth

0 Karma
Highlighted

Re: Authenticate via SSO and assign users to the 'users' role by default?

There is an optional value you can add to your [saml] configuration.

defaultRoleIfMissing = rolenamehere

Full details of 'defaultRoleIfMissing' here: (applicable from v6.3+)
http://docs.splunk.com/Documentation/Splunk/6.4.4/Admin/Authenticationconf

0 Karma