I am working on enabling SSO on splunk using siteminder. I have worked with siteminder folks in my company and got apache and siteminder webagent installed and configured. Apache is installed on the same server as splunk. At this point the apache proxy url is going through siteminder and gives me "it works" page, looks like i need to setup splunk to accept the siteminder requests and authorize the user.
Currently splunk is using its own authentication system, i have done the steps of adjusting server.conf and web.conf as per the below url but after that proxy based URL is not redirecting me to splunk. Can someone help me with understanding what all config needs to be done in splunk to get this working.
http://docs.splunk.com/Documentation/Splunk/5.0.3/Security/HowSplunkSSOworks
http://docs.splunk.com/Documentation/Splunk/5.0.3/Security/ConfigureSplunkSSO
I have got it configured with help of another person in the company who has done it.
Change Splunk to use LDAP authentication.
Setup a reverse proxy server (apache with mod_proxy) and the CA SiteMinder Web Agent installed.
Protect the reverse proxy in SiteMinder.
edit .../splunk/etc/system/local/web.conf
[settings]
httpport = 80
SSOMode = strict
trustedIP = ip_address_of_your_reverse_proxy
remoteUser = SM_UNIVERSALID
Restart splunk
I managed to get Splunk working with SiteMinder, but am running into an error when using the drill-down functionality. The SiteMinder WebAgent is flagging this as Cross Site Scripting behavior. Since the Splunk search is included in the URL, the BadCSSChars parameter of the SiteMinder WebAgent Agent Configuration Object is blocking the query, and returning an HTTP 403 error.
We have a standard set of characters defined as BadCSSChars, to prevent Cross Site Scripting, and I'm not sure I will be allowed to deviated from this standard to get Splunk working. Does anyone have any ideas how to work around this issue?
 
					
				
		
Hi anoopambli,
could you share your findings with us?
We are looking to integrate splunk into a portal with SSO, perhaps using siteminder
Currently we have the problem understand the benefit of using siteminder 
Thanks
Jan
 
		
		
		
		
		
	
			
		
		
			
					
		I downvoted this post because it is not an answer.
Are you asking about steps specific to splunk config?
Yeah anoopambli...it would be helpful for us to configure our SH's please
I have got it configured with help of another person in the company who has done it.
 
		
		
		
		
		
	
			
		
		
			
					
		I downvoted this post because no details of solution given.
Hi anoopambli... Can you pls let us know how did you configured pls ??
