Security

Enabling SSO in splunk using siteminder

Communicator

I am working on enabling SSO on splunk using siteminder. I have worked with siteminder folks in my company and got apache and siteminder webagent installed and configured. Apache is installed on the same server as splunk. At this point the apache proxy url is going through siteminder and gives me "it works" page, looks like i need to setup splunk to accept the siteminder requests and authorize the user.

Currently splunk is using its own authentication system, i have done the steps of adjusting server.conf and web.conf as per the below url but after that proxy based URL is not redirecting me to splunk. Can someone help me with understanding what all config needs to be done in splunk to get this working.

About Splunk Single Sign-On

http://docs.splunk.com/Documentation/Splunk/5.0.3/Security/HowSplunkSSOworks

Configure Splunk Single Sign-On

http://docs.splunk.com/Documentation/Splunk/5.0.3/Security/ConfigureSplunkSSO

Tags (1)
1 Solution

Communicator

I have got it configured with help of another person in the company who has done it.

View solution in original post

Explorer
  1. Change Splunk to use LDAP authentication.

  2. Setup a reverse proxy server (apache with mod_proxy) and the CA SiteMinder Web Agent installed.

  3. Protect the reverse proxy in SiteMinder.

  4. edit .../splunk/etc/system/local/web.conf
    [settings]
    httpport = 80
    SSOMode = strict
    trustedIP = ipaddressofyourreverseproxy
    remoteUser = SM
    UNIVERSALID

  5. Restart splunk

0 Karma

Explorer

I managed to get Splunk working with SiteMinder, but am running into an error when using the drill-down functionality. The SiteMinder WebAgent is flagging this as Cross Site Scripting behavior. Since the Splunk search is included in the URL, the BadCSSChars parameter of the SiteMinder WebAgent Agent Configuration Object is blocking the query, and returning an HTTP 403 error.

We have a standard set of characters defined as BadCSSChars, to prevent Cross Site Scripting, and I'm not sure I will be allowed to deviated from this standard to get Splunk working. Does anyone have any ideas how to work around this issue?

0 Karma

Path Finder

Hi anoopambli,
could you share your findings with us?
We are looking to integrate splunk into a portal with SSO, perhaps using siteminder
Currently we have the problem understand the benefit of using siteminder
Thanks
Jan

Splunk Employee
Splunk Employee

I downvoted this post because it is not an answer.

0 Karma

Communicator

Are you asking about steps specific to splunk config?

Motivator

Yeah anoopambli...it would be helpful for us to configure our SH's please

0 Karma

Communicator

I have got it configured with help of another person in the company who has done it.

View solution in original post

Splunk Employee
Splunk Employee

I downvoted this post because no details of solution given.

0 Karma

Motivator

Hi anoopambli... Can you pls let us know how did you configured pls ??

0 Karma