Security

SSO with web application firewall and SAML

Motivator

I am investigating placing Splunk behind a web application firewall that handles authentication and general authorization.

Is there a way for Splunk to handle a SAML assertion?

Tags (2)
0 Karma
1 Solution

Path Finder

Not at this moment.

According to my iterations with Splunk support with regards to running Splunk (GUI) behind a firewall/proxy that handles authentication and general authorization, SAML might be implemented in the future.

My best bet is for you to either either do a scripted authentication hack - or, if you are using LDAP as the source for your user database, enable this in Splunk. The latter is probably the least painful solution.

View solution in original post

Builder

Yes, it's possible as long as your web application firewall can talk SAML. Take a look at Configuring Single Sign-On with reverse proxy. This doc shows how you offload SAML to your web app.

0 Karma

Path Finder

Not at this moment.

According to my iterations with Splunk support with regards to running Splunk (GUI) behind a firewall/proxy that handles authentication and general authorization, SAML might be implemented in the future.

My best bet is for you to either either do a scripted authentication hack - or, if you are using LDAP as the source for your user database, enable this in Splunk. The latter is probably the least painful solution.

View solution in original post

Path Finder

I see no reason why not - but then your infrastructure becomes quite elaborate?

0 Karma

Motivator

yes, we currently do that as well as the groupmemberships etc. Is it possible to place a apache with a custom module handling the saml in between?

0 Karma
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!