Security

Is it possible to use SAML, LDAP and Splunk authentication at the same time?

FritzWittwer_ol
Contributor

Is it possible to use SAML, LDAP and Splunk authentication at the same time? If yes, which is the order of the authentication methods tried?

boz_8058
Explorer

It would be good to have this as a feature.

You can have multiple LDAP strategies with priorities, so i can't see why you couldnt set SSO as the highest priority, and then LDAP stratergies with lower priorities.

Reason for this (which has happened for us today) is that our SSO providers certificate has expired, which means no-one can log in. It would have been good for it to automatically defer to a direct LDAP stratergy, which would have worked.

I have raised EID-I-842

0 Karma

stefan_d
Path Finder

thanks for raising the enhancement request!

Another reason for this requirement would be to have CLI authentication requests served via LDAP(not possible with SAML as the password is not sent with request) and not have to rely on locally managed Splunk accounts.

mydog8it
Builder

When you set up the Authentication Method it is either LDAP OR SAML in the UI, not both. Perhaps there is a way in the conf files.
My experience is in SAML configuration. Local Auth can be enabled at the same time. To use local you must enter a different URL so as to not engage the SAML redirect.
something like this...
https://xxxxxx.splunkcloud.com/en-US/account/login?loginType=splunk

0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...