Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to setup DOD CAC Login for Splunk Web
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to setup DOD CAC Login for Splunk Web
I have been asked to ensure that the DOD CAC can be used to log into the Splunk Search Heads. Does anyone know how to do this? Is there any documentation somewhere i can reference.
Thanks much.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In our environment, users log in to their workstations with a card that is similar to DOD CAC. Their authentication is done with an ADFS server. When they access Splunk, we are using SAML authentication to verify their identity. Is this what you're looking for? If so, there are a few options:
- Your users are all in the same "user" role bucket and don't need a lot of specialized roles - in this case, you can use Splunk SAML authentication to pass UPN values.
- Your users have different roles, and those roles can be maintained in your ADFS records - in this case, you can still use Splunk SAML authentication, and ADFS will pass UPN and role info.
- Your users have different roles, and those roles need to be managed within Splunk, because you can't be bothering the ADFS team to manage those roles - in this case, you can wrap Splunk with Apache, acting as a reverse proxy, and shibboleth, which manages the SAML.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks so much for the response. No i was more looking into how to get them to log into Splunk using the CAC without involving any third party tools. Is that possible?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do you mean you want them to use a CAC to log in without having some kind of SSO identity provider, such as ADFS? I don't know of any such way to do that. But if Splunk is running in a traditional enterprise environment where users a logging into their workstations with a CAC, then integration with ADFS is pretty straightforward.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
As it turns out splunk does not have any direct method. So they provided documentation to utilize a proxy with the CAC.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good morning,
May I have a copy of that documentation? I am trying to get the same thing done with our Splunk server.
Thank you
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass
May 2026 Splunk Expert Sessions: Security & Observability
