Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

SSO for Splunk Web

gjackson3
Engager
‎05-03-2012 07:35 AM

Splunk Support,

We are attempting to use AD authentication for logins to our Splunk Web instance. We would like to be able to use the login credentials provided by our AD logins to our Windows workstation and pass those credentials on to Splunk Web so that we are not asked for a username/password to login to Splunk.

I have read docs about SSO with Splunk using a proxy server. Is there any way to provide SSO using AD authentication without having to set up a proxy server? If not:

  • Can the Proxy Server application reside on the same server as our Splunk installation?
  • Can the Squid Proxy software be used instead of Apache/IIS and, if so, how?

Thanks,
George Jackson
DISA

Tags (1)
Reply

andrewbeeber
Explorer
‎12-09-2014 09:43 AM

Hi everyone,

I found this article very helpful for setting Microsoft IIS as a reverse proxy for PKI authentication/SSO to Splunk.

http://blogs.msdn.com/b/chiranth/archive/2014/08/03/application-request-routing-part-2-reverse-proxy...

0 Karma
Reply

dwaddle
SplunkTrust
SplunkTrust
‎05-03-2012 08:33 AM

Splunk alone can support using AD as an authentication store. Which, of course, requires you to log in a second time using the same authentication data. But currently, the only supported way to do "true" single signon (where you only enter your login credentials once) is via a proxy server. That proxy server has to know how to interact with your single signon environment, and pass along the right HTTP header information to Splunk.

Most single-signon solutions for web applications require some type of web server plugin module to interact with the single-signon infrastructure. (This is how CA Siteminder works) That plugin has to take care of validating your user's SSO session cookie and pushing them off to a credential collector (log-in screen) if they don't have a valid one. These type of modules just don't exist for Splunkweb, so a proxy is needed to help glue it together.

There's no reason why that proxy shouldn't be able to exist on the same machine as Splunk. And, there's no Splunk-specific reason it can't be Squid -- provided you can get Squid to interact with your SSO infrastructure and pass along the proper headers. I've never used Squid in this way, and don't know if it's possible.

Reply

dwaddle
SplunkTrust
SplunkTrust
‎05-03-2012 08:40 AM

Just a quick comment - this site is community support for Splunk. Many of the people reading and answering these (such as myself) do not work for Splunk. If you need an official response from Splunk, you'll need to file a support case.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...