Enabling SSO in splunk using siteminder

anoopambli
Communicator

I am working on enabling SSO on Splunk using SiteMinder. I have worked with the SiteMinder folks in my company and got Apache and the SiteMinder web agent installed and configured. Apache is installed on the same server as Splunk. At this point the Apache proxy URL is going through SiteMinder and gives me the "it works" page; it looks like I need to set up Splunk to accept the SiteMinder requests and authorize the user.

Currently Splunk is using its own authentication system. I have done the steps of adjusting server.conf and web.conf as per the URLs below, but after that the proxy-based URL is not redirecting me to Splunk. Can someone help me understand what config needs to be done in Splunk to get this working?

About Splunk Single Sign-On

http://docs.splunk.com/Documentation/Splunk/5.0.3/Security/HowSplunkSSOworks

Configure Splunk Single Sign-On

http://docs.splunk.com/Documentation/Splunk/5.0.3/Security/ConfigureSplunkSSO

1 Solution

anoopambli
Communicator

I have got it configured with help of another person in the company who has done it.

brettcarroll
Explorer

  1. Change Splunk to use LDAP authentication.

  2. Set up a reverse proxy server (Apache with mod_proxy) with the CA SiteMinder Web Agent installed.

  3. Protect the reverse proxy in SiteMinder.

  4. Edit .../splunk/etc/system/local/web.conf:

    [settings]
    httpport = 80
    SSOMode = strict
    trustedIP = ip_address_of_your_reverse_proxy
    remoteUser = SM_UNIVERSALID

  5. Restart Splunk.

0 Karma
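
A check for the web.conf settings listed in the answer above, as an added example that is not part of the thread and not Splunk's or CA's own tooling. The function name `audit_web_conf`, the sample configs and the handling of a comma-separated `trustedIP` are assumptions made for illustration.

```python
import configparser
import ipaddress

# Constructed sample inputs (not taken from any real deployment).
WEAK_WEB_CONF = """
[settings]
SSOMode = permissive
remoteUser = SM_UNIVERSALID
"""

STRICT_WEB_CONF = """
[settings]
httpport = 80
SSOMode = strict
trustedIP = 10.0.0.5
remoteUser = SM_UNIVERSALID
"""

def audit_web_conf(text):
    """Return a list of findings for the [settings] stanza of a web.conf."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.optionxform = str  # keep setting names as written (no lowercasing)
    cp.read_string(text)
    if not cp.has_section("settings"):
        return ["no [settings] stanza found"]
    s = cp["settings"]
    findings = []
    # trustedIP names the proxy whose identity header Splunk Web will accept.
    raw = s.get("trustedIP", "").strip()
    if not raw:
        findings.append("trustedIP is not set: proxy SSO is not enabled")
    for item in filter(None, (p.strip() for p in raw.split(","))):
        try:
            ipaddress.ip_address(item)
        except ValueError:  # hostname, CIDR range or a leftover placeholder
            findings.append(f"trustedIP entry {item!r} is not a single IP address")
    mode = s.get("SSOMode")
    if mode is None:
        findings.append("SSOMode is not set explicitly")
    elif mode.strip().lower() != "strict":
        # permissive: requests from other addresses get the Splunk login page
        findings.append(f"SSOMode is {mode.strip()!r}, not strict")
    if "remoteUser" not in s:
        findings.append("remoteUser is not set: SM_UNIVERSALID will not be read")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_WEB_CONF), ("strict", STRICT_WEB_CONF)):
        print(name, audit_web_conf(conf) or "no findings")
```

Run against the stanza exactly as posted, it reports the `ip_address_of_your_reverse_proxy` placeholder, which is the kind of leftover that silently keeps SSO from working.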

brettcarroll
Explorer

I managed to get Splunk working with SiteMinder, but am running into an error when using the drill-down functionality. The SiteMinder WebAgent is flagging this as Cross Site Scripting behavior. Since the Splunk search is included in the URL, the BadCSSChars parameter of the SiteMinder WebAgent Agent Configuration Object is blocking the query, and returning an HTTP 403 error.

We have a standard set of characters defined as BadCSSChars, to prevent Cross Site Scripting, and I'm not sure I will be allowed to deviate from this standard to get Splunk working. Does anyone have any ideas how to work around this issue?

0 Karma

waechtler
Path Finder

Hi anoopambli,
Could you share your findings with us?
We are looking to integrate Splunk into a portal with SSO, perhaps using SiteMinder.
Currently we have a problem understanding the benefit of using SiteMinder.
Thanks,
Jan

ddearmond_splun
Splunk Employee

I downvoted this post because it is not an answer.

0 Karma

anoopambli
Communicator

Are you asking about steps specific to Splunk config?

rakesh_498115
Motivator

Yeah anoopambli...it would be helpful for us to configure our SH's please

0 Karma

anoopambli
Communicator

I have got it configured with help of another person in the company who has done it.

ddearmond_splun
Splunk Employee

I downvoted this post because no details of solution given.

0 Karma

rakesh_498115
Motivator

Hi anoopambli... Can you please let us know how you configured it?

0 Karma