Security

SH Cluster Prevent Config Replication

Sivrat
Path Finder

Question - 

If I wanted to prevent SAML/SSO configurations from replicating to other SHs in a cluster, could I use the 'conf_replication_blacklist.<name>' or something similar to exclude the authentication.conf? Or would that cause more issues outside of just preventing SAML/SSO configs to be unsyncd?

Context - 
We are migrating from onprem servers to AWS servers. The current configurations for SSO/SAML only work for the onprem servers, and we will need new configs for the AWS servers. The configs are in the etc/system/local/authentication.conf, so already at highest precendence.

However, while working on those configurations we don't want to break the working SSO for onprem. We don't want to make it a separate cluster, cause then we'd have to get all the searches/lookups replicated across some other way.

I came across the 'conf_replication_summary.blacklist' and 'conf_replication_include.<conf_file_name> = <boolean>' in the server.conf spec, and was wondering if anyone has any experience using these for authentication.conf and if there are complications I should be aware of? Cause if we could use these to temporarily pause the replication with no real ill effects, that'd be great.

Labels (5)
0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Quick connection discovery mode for forwarders

When a Splunk forwarder loses connectivity to its indexers, it does not always reconnect immediately. In many ...

Build and Launch AI Agents from Your Splunk Workflows

  Register We’ve all been there: juggling alerts, runbooks, and endless manual searches. What if you could ...

Splunk Cloud Application Management in Terraform

Register   On Tuesday, August 4 at 11AM PDT / 2PM EDT, we’re diving into how you can bring Infrastructure as ...