Splunk Search

SSO login banner when using a CAC


I've been able to configure SSO for CAC via Apache proxy and everything works fine. I'm trying to figure out how to display a login banner like if you were to use username and password on the default Splunk login page where the user has to "accept" or at least be prompted fr some tpe of input before the user is allowed into Splunk. Has anyone been able to get this configured or point me in the right direction? Google searches didn't really help a lot. Thanks in advance.

Tags (1)
0 Karma


We use Apache as a proxy for SSO and have the following in our SSL conf file to force users to a warning cookie before they are able to access Splunk:

RewriteEngine on
RewriteCond %{HTTP_COOKIE} !accepted_warning=true [NC]
RewriteRule ^/(de-DE|en-US|en-GB|it-IT|ja-JP|ko-KO|zh-CN|zh-TW)/.*$ warning/ [NC,L,R=302]
ProxyPass "/warning" "!"
ProxyPass "/" "https://localhost:8001/"
ProxyPassReverse "/" "https://localhost:8001/"

Inside that /warning directory are an HTML page plus supporting JavaScript and CSS files. The gist of these is to present the required warning page and the JavaScript to set a cookie when the user clicks to accept. Once the user's browser has the cookie, the session will not be sent back to the warning page again until the user clears cookies or until something else clears the cookies/ends the session (e.g. when the browser is restarted).

0 Karma


Is it possible to see the source for these files?

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!