Solved: SSO with web application firewall and SAML

dominiquevocat · ‎01-13-2012

I am investigating placing Splunk behind a web application firewall that handles authentication and general authorization.

Is there a way for Splunk to handle a SAML assertion?

RubenOlsen · ‎01-13-2012

Not at this moment.

According to my iterations with Splunk support with regards to running Splunk (GUI) behind a firewall/proxy that handles authentication and general authorization, SAML might be implemented in the future.

My best bet is for you to either either do a scripted authentication hack - or, if you are using LDAP as the source for your user database, enable this in Splunk. The latter is probably the least painful solution.

View solution in original post

suarezry · ‎11-24-2017

Yes, it's possible as long as your web application firewall can talk SAML. Take a look at Configuring Single Sign-On with reverse proxy. This doc shows how you offload SAML to your web app.

RubenOlsen · ‎01-13-2012

Not at this moment.

According to my iterations with Splunk support with regards to running Splunk (GUI) behind a firewall/proxy that handles authentication and general authorization, SAML might be implemented in the future.

My best bet is for you to either either do a scripted authentication hack - or, if you are using LDAP as the source for your user database, enable this in Splunk. The latter is probably the least painful solution.

RubenOlsen · ‎01-13-2012

I see no reason why not - but then your infrastructure becomes quite elaborate?

dominiquevocat · ‎01-13-2012

yes, we currently do that as well as the groupmemberships etc. Is it possible to place a apache with a custom module handling the saml in between?

SSO with web application firewall and SAML

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!