I don't know what wiki you're looking at, but it's probably not applicable to Splunk 4.1. Nevertheless, setting up IIS ARR should be pretty straightforward. Set up a server "farm" in IIS pointing to SplunkWeb and proxy to that farm. Set up an application/site in IIS that goes to that farm. Set up that application/site to require Windows Integrated Auth instead of anonymous access.
That should be it for setting up the proxy. You then need to configure Splunk to accept SSO: http://docs.splunk.com/Documentation/Splunk/5.0/Security/ConfigureSplunkSSO
Answers just deleted my answer, woohoo.
Free has no auth. In free, all connections are assigned to be a
single unnamed user who has admin-level priveledges. Thus, SSO is not
a meaningful term for splunk free.
However, in the quest to support SSO in 4.1, Splunk was modified to
work better behind a proxy. I would expect the settings such as
root_endpoint and tools.proxy.on should be sufficient to get splunk
free to function in some fashion behind a proxy in free.
If you set up an SSO proxy to protect Splunk Free, that essentially becomes your authentication into Splunk. However, this simply controls access, and does not provide distinct users or roles within the app. For that, you'd need the Splunk Enterprise version.
Understood, gkanapathy, for right now, I simply just need to control access, possibly to testers only, until the Ent comes in the door. However, it might take quite a while until I get my hands on the Ent so for now this will do. So SSO can still be configured with Free? I would assume the remote_user would have to be the "Admin" user?
In free, you don't need to configure any remote user at all. It will always be the single admin user. You can do the same thing, but basically just ignore all the configuration on the Splunk side. However, you probably will want to use iptables, some other firewall, or the Splunk SSO trustedIP setting to ensure that only the IIS server can make requests to SplunkWeb. You should also use the SSOMode = strict settings in this case.
Should I configure both web.conf and server.conf for trustedIP or just the server.conf?
I'm giving up. I'm going to use the trustedIP on the web.conf to perform restriction.
BTW, my inability to make the ARR on IIS work doesn't mean the answer provided is not correct, so I will hand it to you gkanapathy, for the patience :).