Re: SSO login banner when using a CAC

bwgates · ‎03-27-2018

I've been able to configure SSO for CAC via Apache proxy and everything works fine. I'm trying to figure out how to display a login banner like if you were to use username and password on the default Splunk login page where the user has to "accept" or at least be prompted fr some tpe of input before the user is allowed into Splunk. Has anyone been able to get this configured or point me in the right direction? Google searches didn't really help a lot. Thanks in advance.

don1966 · ‎01-17-2022

Good morning.

Is it possible to get a copy of how you were able to configure SSO for CAC via Apache proxy? I am trying to get this done and have been trying for the past 4 days with no success.

Thanks

elliotproebstel · ‎03-28-2018

We use Apache as a proxy for SSO and have the following in our SSL conf file to force users to a warning cookie before they are able to access Splunk:

RewriteEngine on
RewriteCond %{HTTP_COOKIE} !accepted_warning=true [NC]
RewriteRule ^/(de-DE|en-US|en-GB|it-IT|ja-JP|ko-KO|zh-CN|zh-TW)/.*$ warning/ [NC,L,R=302]
ProxyPass "/warning" "!"
ProxyPass "/" "https://localhost:8001/"
ProxyPassReverse "/" "https://localhost:8001/"

Inside that /warning directory are an HTML page plus supporting JavaScript and CSS files. The gist of these is to present the required warning page and the JavaScript to set a cookie when the user clicks to accept. Once the user's browser has the cookie, the session will not be sent back to the warning page again until the user clears cookies or until something else clears the cookies/ends the session (e.g. when the browser is restarted).

jcutright · ‎09-09-2019

Is it possible to see the source for these files?

SSO login banner when using a CAC

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!