- Splunk Answers
- :
- Splunk Administration
- :
- Security
- :
- SSO: configuration example of an Apache proxy to C...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I would like to connect my splunk installation to the enterprise SSO system, based on CAS.
I read the splunk docs about SSO but I do not know how to configure an Apache proxy so that it relays correctly to and from a CAS server (whenever I googled the question I always see people who "have successfully configured their CAS proxy" :))
I would appreciate very much an example of real-life Apache configuration I could readily uise to go ahead with SSO (without reinventing the wheel in the process)
Thank you!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I finally managed to do this with the configuration below. splunk.example.com:8000 is the actual site to be accessed, cas.example.com is the CAS server. The proxy is on the same machine and will be defined in a VirtualHost.
Apache
The VirtualHost which serves the to-be-SSO-ed application (splunk.example.com:8000) (I did not manage to use below the opening bracket < as it is interpreted as a tag so I replaced it with [)
[VirtualHost splunk.example.com:80>
ServerName splunk.example.com
DocumentRoot /var/www
CASCookiePath /var/cache/apache2/mod_auth_cas/
CASLoginURL https://cas.example.com/cas/login?gateway=true
CASValidateURL https://cas.example.com/cas/proxyValidate
[Location />
Authtype CAS
require valid-user
CASAuthNHeader Cas-User
[/Location>
ProxyPreserveHost On
ProxyPass / http://localhost:8000/
ProxyPassReverse / http://localhost:8000/
[/VirtualHost>
CAS
The module to load is mod_auth_cas. The version I had on Debian failed on some crypto module, it is enough to clone the git repository, configure, make and install and it works out of the box
splunk
I did not manage to use REMOTE_USER (this is a bug, also described in another post with great details) and had to use Cas-User per the Apache config
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I finally managed to do this with the configuration below. splunk.example.com:8000 is the actual site to be accessed, cas.example.com is the CAS server. The proxy is on the same machine and will be defined in a VirtualHost.
Apache
The VirtualHost which serves the to-be-SSO-ed application (splunk.example.com:8000) (I did not manage to use below the opening bracket < as it is interpreted as a tag so I replaced it with [)
[VirtualHost splunk.example.com:80>
ServerName splunk.example.com
DocumentRoot /var/www
CASCookiePath /var/cache/apache2/mod_auth_cas/
CASLoginURL https://cas.example.com/cas/login?gateway=true
CASValidateURL https://cas.example.com/cas/proxyValidate
[Location />
Authtype CAS
require valid-user
CASAuthNHeader Cas-User
[/Location>
ProxyPreserveHost On
ProxyPass / http://localhost:8000/
ProxyPassReverse / http://localhost:8000/
[/VirtualHost>
CAS
The module to load is mod_auth_cas. The version I had on Debian failed on some crypto module, it is enough to clone the git repository, configure, make and install and it works out of the box
splunk
I did not manage to use REMOTE_USER (this is a bug, also described in another post with great details) and had to use Cas-User per the Apache config
Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...
Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...
Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...
