Authenticate via SSO and assign users to the 'users' role by default?


I'm attempting to use integrate Shibboleth/SSO with Splunk. I am using Shibboleth, Apache & mod_proxy similar to these other Splunk users.

I am able to use SSO for Authentication ("verify that someone is who they claim they are."). Now I'm trying to figure out how to use SSO for Authorization ("process by which someone is allowed to be where they want to go, or to have information that they want to have.").

If I authenticate users using Apache, I can pass the "REMOTE_USER" HTTP Header to Splunk. This works fine. The Splunk Documentation then says I must Set up users in Splunk that match users in your authentication system.

Creating a Splunk user for every user coming in via the proxy can get tedious, and defeats the convenience of using external authentication. Can I just assign these users to a default role instead?

On a related question, can I assign different Splunk roles based on a HTTP Header?


There is an optional value you can add to your [saml] configuration.

defaultRoleIfMissing = role_name_here

Full details of 'defaultRoleIfMissing' here: (applicable from v6.3+)

0 Karma


Hello stefanlasiewski

Have you figured out how to configure to use Splunk with Shibboleth/SSO. I'm kind of lost now as i cannot find much documentation. Would you have any other information or how you got this to work?


0 Karma


Try this doc and let me know if it works for you:
Splunk native SAML with Shibboleth

0 Karma
Get Updates on the Splunk Community!

.conf23 Registration is Now Open!

Time to toss the .conf-etti 🎉 —  .conf23 registration is open!   Join us in Las Vegas July 17-20 for ...

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Attention everyone! We have exciting news to share! We are recruiting new members for the Mission Possible: ...

Unify Your SecOps with Splunk Mission Control

In today’s post, I'm excited to share some recent Splunk Mission Control innovations. With Splunk Mission ...