Security

SSO with web application firewall and SAML

dominiquevocat
Builder

I am investigating placing Splunk behind a web application firewall that handles authentication and general authorization.

Is there a way for Splunk to handle a SAML assertion?

Tags (2)
0 Karma
1 Solution

RubenOlsen
Path Finder

Not at this moment.

According to my iterations with Splunk support with regards to running Splunk (GUI) behind a firewall/proxy that handles authentication and general authorization, SAML might be implemented in the future.

My best bet is for you to either either do a scripted authentication hack - or, if you are using LDAP as the source for your user database, enable this in Splunk. The latter is probably the least painful solution.

View solution in original post

suarezry
Builder

Yes, it's possible as long as your web application firewall can talk SAML. Take a look at Configuring Single Sign-On with reverse proxy. This doc shows how you offload SAML to your web app.

0 Karma

RubenOlsen
Path Finder

Not at this moment.

According to my iterations with Splunk support with regards to running Splunk (GUI) behind a firewall/proxy that handles authentication and general authorization, SAML might be implemented in the future.

My best bet is for you to either either do a scripted authentication hack - or, if you are using LDAP as the source for your user database, enable this in Splunk. The latter is probably the least painful solution.

View solution in original post

RubenOlsen
Path Finder

I see no reason why not - but then your infrastructure becomes quite elaborate?

0 Karma

dominiquevocat
Builder

yes, we currently do that as well as the groupmemberships etc. Is it possible to place a apache with a custom module handling the saml in between?

0 Karma
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!