What it achieves
• When bob or john login, they see the data from client1indexmobileevent
• When peter logs in, he sees data from client2indexmobileevent
For the same query of search index=*indexmobileevent | head 10
How to configure a scenario where client1 has user called John and client2 also has user called John, so that
• John from client1 has access to data from client1indexmobileevent
• John from client2 has access to data from client2indexmobileevent
I’ve an external system that maintains the data in client: username : password format e.g. for the above mentioned scenario of john, it will have information like
If I want to use that system for login (to provide a seamless experience to end user and off-load password management to that system) , WHAT ARE my steps to achieve this so that John from client1 still sees only clien1 data and John2 from client2 sees only for client2 index data
Any pointers would be highly appreciated.
Two users in one system can't have the same name.
I see two solutions: Change your user names to client_user to mitigate conflicts, or set up two search heads and connect one to client1's ldap and the other to client2's ldap to avoid conflicts entirely.
If both Johns log in to the same system using the login name "john" then there's no way for the system to distinguish the two.
I don't see how custom scripted external authentication could solve this because the key problem remains the same - both type the same user name into the same box.
You'll need either different names or different systems.
In splunk setup, when I use external system for authentication - is defining a username within Splunk a must ? What I mean is -
In this, I don't define John in Splunk at all...
Is that feasible option ?
You are correct that , client_user is an option; but it is not a good user experience as I'll have to ask clients to suffix client_ to every use
I've search head clustering to have scalability of the setup.
Any pointers/steps for external system integration? The external system (NOT AD or LADAP, but a custom database) will maintain table with four columns - clientname, username, role, password .. how can splunk use that system to authenticate user and have right role associated with the log in?