Security

SSO for Splunk Web

gjackson3
Engager

Splunk Support,

We are attempting to use AD authentication for logins to our Splunk Web instance. We would like to be able to use the login credentials provided by our AD logins to our Windows workstation and pass those credentials on to Splunk Web so that we are not asked for a username/password to log in to Splunk.

I have read docs about SSO with Splunk using a proxy server. Is there any way to provide SSO using AD authentication without having to set up a proxy server? If not:

  • Can the Proxy Server application reside on the same server as our Splunk installation?
  • Can the Squid Proxy software be used instead of Apache/IIS and, if so, how?

Thanks,
George Jackson
DISA

andrewbeeber
Explorer

Hi everyone,

I found this article very helpful for setting Microsoft IIS as a reverse proxy for PKI authentication/SSO to Splunk.

http://blogs.msdn.com/b/chiranth/archive/2014/08/03/application-request-routing-part-2-reverse-proxy...

0 Karma

dwaddle
SplunkTrust

Splunk alone can support using AD as an authentication store, which, of course, requires you to log in a second time using the same authentication data. But currently, the only supported way to do "true" single sign-on (where you only enter your login credentials once) is via a proxy server. That proxy server has to know how to interact with your single sign-on environment, and pass along the right HTTP header information to Splunk.

Most single sign-on solutions for web applications require some type of web server plugin module to interact with the single sign-on infrastructure. (This is how CA Siteminder works.) That plugin has to take care of validating your user's SSO session cookie and pushing them off to a credential collector (log-in screen) if they don't have a valid one. These types of modules just don't exist for Splunkweb, so a proxy is needed to help glue it together.

There's no reason why that proxy shouldn't be able to exist on the same machine as Splunk. And, there's no Splunk-specific reason it can't be Squid -- provided you can get Squid to interact with your SSO infrastructure and pass along the proper headers. I've never used Squid in this way, and don't know if it's possible.

dwaddle
SplunkTrust

Just a quick comment - this site is community support for Splunk. Many of the people reading and answering these (such as myself) do not work for Splunk. If you need an official response from Splunk, you'll need to file a support case.

0 Karma
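The Splunk side of the proxy arrangement described in the answer above, as an added configuration sketch that is not from any poster in this thread. It assumes the authenticating proxy runs on the same host as Splunk (so the trusted address is 127.0.0.1) and passes the user name in a header called REMOTE_USER; confirm the setting names against the web.conf and server.conf spec files for your Splunk version.

```ini
# --- $SPLUNK_HOME/etc/system/local/web.conf ---
[settings]
# Accept the identity header only when the request comes from the
# authenticating proxy. 127.0.0.1 assumes proxy and Splunk share a host.
trustedIP = 127.0.0.1

# Name of the HTTP header in which the proxy passes the authenticated
# user name (assumed here; must match what the proxy is configured to send).
remoteUser = REMOTE_USER

# strict: requests from any address other than trustedIP are refused
# instead of falling back to the normal username/password form.
SSOMode = strict

# Splunk Web is being served from behind a proxy.
tools.proxy.on = True

# --- $SPLUNK_HOME/etc/system/local/server.conf ---
[general]
# splunkd accepts logins asserted by Splunk Web from this address
# without a password, so keep it to the single proxy/Splunk Web host.
trustedIP = 127.0.0.1

# Checks to make on the proxy and network side (not Splunk settings):
#  - the proxy overwrites any REMOTE_USER header supplied by the client
#    and sets it only after the user has authenticated;
#  - the Splunk Web port is reachable only through the proxy, because
#    anything that can connect from trustedIP can assert any user name;
#  - the name in the header maps to a user Splunk knows, for example
#    through its AD/LDAP authentication.
```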