How do I authenticate in Splunk using a reverse proxy?

lukaslentner
Explorer

I would like to use a reverse proxy in front of a Splunk instance which handles authentication using custom logic.

For example, users should log in at the proxy with username ProxyUser1 and be authenticated in Splunk as SplunkUser1. I tried to use Node.js for this task and it is not hard to set up a proxy to access Splunk, but I could not make the proxy do the logging in to Splunk. It looks like Splunk's REST API supports basic authentication, but direct access to the Splunk web interface is not possible using basic authentication. I also found SDKs like splunkjs which handle the authentication process, but (again) they only allow API access. What is the authentication method which is used in Splunk's web interface?

0 Karma

mattymo
Splunk Employee

Hey lukaslentner!

I would suggest checking out our docs on "Securing Splunk Enterprise", https://docs.splunk.com/Documentation/Splunk/7.1.2/Security/WhatyoucansecurewithSplunk

specifically:

SSO:
https://docs.splunk.com/Documentation/Splunk/latest/Security/HowSplunkSSOworks

Splunk Single Sign-on (SSO) lets you use a reverse proxy to handle Splunk authentication, meaning that once the user has logged into their proxy, they can seamlessly access Splunk Web (and presumably any other applications configured to your proxy).

The reverse proxy implementation of Splunk Enterprise SSO supports logging into Splunk Enterprise only through Splunk Web. Since the implementation relies on cookies to save authentication information, SSO cannot be used for CLI authentication to Splunk Enterprise. Invoking https://localhost:8089 (or the assigned management port) still requires independent authentication.

It has a detailed breakdown of how it works. Hopefully this will steer you to success. Let us know how it goes!!

- MattyMo
0 Karma
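
The identity-header handling a Node.js proxy needs for the reverse-proxy SSO described in the answer above, as an added example that is not part of the original thread or of Splunk's code. The header name `REMOTE_USER`, the user map and the function names are assumptions; the header must match whatever your Splunk SSO configuration is set to trust.

```javascript
// Added example: build the headers a reverse proxy forwards to Splunk Web for SSO.
// Assumptions (not from the thread): SSO_HEADER, USER_MAP and all function names.
const SSO_HEADER = 'REMOTE_USER'; // assumed; must match the header Splunk trusts

// Constructed mapping from proxy logins to Splunk accounts (the question's example pair).
const USER_MAP = new Map([['ProxyUser1', 'SplunkUser1']]);

// Compare header names so that 'Remote-User', 'remote_user' and 'REMOTE_USER'
// are treated as the same header; some HTTP stacks fold '-' and '_' together.
const canon = (name) => name.toLowerCase().replace(/-/g, '_');

// proxyUser: the username the proxy itself authenticated, or null if nobody did.
// clientHeaders: headers exactly as received from the browser (untrusted input).
function buildUpstreamHeaders(proxyUser, clientHeaders) {
  const headers = {};
  for (const [name, value] of Object.entries(clientHeaders)) {
    // Drop any client-supplied identity header: only the proxy may assert
    // who the user is, otherwise a browser could name its own Splunk account.
    if (canon(name) === canon(SSO_HEADER)) continue;
    headers[name] = value;
  }
  const splunkUser = proxyUser == null ? undefined : USER_MAP.get(proxyUser);
  if (!splunkUser) {
    // Fail closed: without a mapping, send no identity header and do not forward.
    return { allowed: false, status: proxyUser == null ? 401 : 403, headers };
  }
  headers[SSO_HEADER] = splunkUser;
  return { allowed: true, status: 200, headers };
}

// Constructed sample requests showing the three outcomes.
function demo() {
  const spoofed = { host: 'splunk.example', 'Remote-User': 'admin', cookie: 'a=b' };
  return {
    mapped: buildUpstreamHeaders('ProxyUser1', spoofed),
    anonymous: buildUpstreamHeaders(null, { remote_user: 'admin' }),
    unmapped: buildUpstreamHeaders('ProxyUser2', { host: 'splunk.example' }),
  };
}
```

The header is only trustworthy if Splunk accepts it solely from the proxy's address and is not reachable directly by browsers; the linked SSO documentation covers that side of the configuration.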