Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Bypassing Splunk Authentication to load dashboards

Arun_N_007
Communicator
‎01-05-2017 01:22 AM

Hi,

I would like to embed Splunk as an iframe in my we application. Here we need to load Splunk dashboard on load of the page bypassing its authentication.

Here Authentication will be done for that user in third party system while logging in to my web app.

Here am not talking about the insecure login which passes password in the header. Can i use HTTP POST for insecure login? If yes then how?

Regards,
Arun

0 Karma
Reply

prashantkumar_g
Engager
‎11-19-2019 09:07 AM

steps to do this:
1.go to splunk/etc/system/local
2.open web.conf and add following settings:
enable_insecure_login = true

then restart splunk
go to browser and hit splunk by following address
http://localhost:8000/en-US/account/insecurelogin?return_to=%2Fen-US%2Fapp%2Fsearch%2FDASHBOARD_NAME...

Reply

sjohnson_splunk
Splunk Employee
Splunk Employee
‎01-05-2017 05:37 AM

Scripted authentication is supported. You should look at the authentication.conf.spec file.

There are also samples of scripts located at: $SPLUNK_HOME/share/splunk/authScriptSamples

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎01-05-2017 02:03 AM

Hi Arun_N_007,
this is possible if Splunk is configured for integration with Active Directory: it's possible to configure browser to execute automatic login using users account for authentication.
In othe words: user does logon to AD domain when open his own computer ( “joined” to the domain).
When user will connect to Splunk using own browser (configured as described in the following URL), he will not have to type his credentials again.
https://prdsoftware.com/helpmasterlive/KnowledgeBase/kbarticle.aspx?view=107

Obviously this functionality runs only with a Splunk Enterprise License, it doesn't run with a free license.

Bye.
Giuseppe

0 Karma
Reply

surekhasplunk
Communicator
‎01-22-2018 12:34 PM

Hi @cusello,

Could you please activate the link https://prdsoftware.com/helpmasterlive/KnowledgeBase/kbarticle.aspx?view=107 as i cant find any details in that page.
My scenario is my users are AD enabled and i want to bypass the login screen of splunk and show them the default dashboard as per their roles.
Pls help.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎01-25-2018 05:09 AM

Hi Arun_N_007,
sorry but I cannot reach your url!
Anyway, if I correctly understood, your need is to have a Single Sign On from your intranet site and your Splunk dashboards, is it correct ?

Did you already see https://docs.splunk.com/Documentation/Splunk/7.0.1/Security/HowSplunkSSOworks ?

Bye.
Giuseppe

0 Karma
Reply

pir8radio
Path Finder
‎06-28-2021 09:28 PM

the URL you couldn't reach was a url you posted.   its broken. is what he was saying.

your message:

Hi Arun_N_007,
this is possible if Splunk is configured for integration with Active Directory: it's possible to configure browser to execute automatic login using users account for authentication.
In othe words: user does logon to AD domain when open his own computer ( “joined” to the domain).
When user will connect to Splunk using own browser (configured as described in the following URL), he will not have to type his credentials again.
https://prdsoftware.com/helpmasterlive/KnowledgeBase/kbarticle.aspx?view=107

Obviously this functionality runs only with a Splunk Enterprise License, it doesn't run with a free license
0 Karma
Reply

Arun_N_007
Communicator
‎01-05-2017 02:12 AM

Here am not using AD... I need authentication done by system specific to our product and Splunk should let me in.

Can we use external scripts to achieve this? And here we want to pass only username and Web session id here... Which can be validated in script to let me in Splunk.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎01-05-2017 04:03 AM

We have always AD, I don't know other ways.
Sorry.
bye.
Giuseppe

0 Karma
Reply

renjith_nair
Legend
‎01-05-2017 01:56 AM

One of the way's is using the embed report functionality of Splunk. This does not need any authorization and can open in any html.

https://docs.splunk.com/Documentation/Splunk/6.5.1/Report/Embedscheduledreports

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply

Arun_N_007
Communicator
‎01-05-2017 02:01 AM

No embed report got some limitations like...

  • No real time search
  • Report should be pre populated and should be loaded with saved searches.

I need to show my
Splunk dashboard UI in an iframe.

0 Karma
Reply
Get Updates on the Splunk Community!

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...