We are attempting to use AD authentication for logins to our Splunk Web instance. We would like to be able to use the login credentials provided by our AD logins to our Windows workstation and pass those credentials on to Splunk Web so that we are not asked for a username/password to login to Splunk.
I have read docs about SSO with Splunk using a proxy server. Is there any way to provide SSO using AD authentication without having to set up a proxy server? If not:
Splunk alone can support using AD as an authentication store. Which, of course, requires you to log in a second time using the same authentication data. But currently, the only supported way to do "true" single signon (where you only enter your login credentials once) is via a proxy server. That proxy server has to know how to interact with your single signon environment, and pass along the right HTTP header information to Splunk.
Most single-signon solutions for web applications require some type of web server plugin module to interact with the single-signon infrastructure. (This is how CA Siteminder works) That plugin has to take care of validating your user's SSO session cookie and pushing them off to a credential collector (log-in screen) if they don't have a valid one. These type of modules just don't exist for Splunkweb, so a proxy is needed to help glue it together.
There's no reason why that proxy shouldn't be able to exist on the same machine as Splunk. And, there's no Splunk-specific reason it can't be Squid -- provided you can get Squid to interact with your SSO infrastructure and pass along the proper headers. I've never used Squid in this way, and don't know if it's possible.
Just a quick comment - this site is community support for Splunk. Many of the people reading and answering these (such as myself) do not work for Splunk. If you need an official response from Splunk, you'll need to file a support case.
I found this article very helpful for setting Microsoft IIS as a reverse proxy for PKI authentication/SSO to Splunk.