Hey lukaslentner!
I would suggest checking out our docs on "Securing Splunk Enterprise", https://docs.splunk.com/Documentation/Splunk/7.1.2/Security/WhatyoucansecurewithSplunk
specifically:
SSO:
https://docs.splunk.com/Documentation/Splunk/latest/Security/HowSplunkSSOworks
Splunk Single Sign-on (SSO) lets you use a reverse proxy to handle Splunk authentication, meaning that once the user has logged into their proxy, they can seamlessly access Splunk Web (and presumably any other applications configured to your proxy).
The reverse proxy implementation of Splunk Enterprise SSO supports logging into Splunk Enterprise only through Splunk Web. Since the implementation relies on cookies to save authentication information, SSO cannot be used for CLI authentication to Splunk Enterprise. Invoking https://localhost:8089 (or the assigned management port) still requires independent authentication.
It has a detailed break down on how it works. Hopefully this will steer you to success. Let us know how it goes!!
... View more