I am working on enabling SSO on splunk using siteminder. I have worked with siteminder folks in my company and got apache and siteminder webagent installed and configured. Apache is installed on the same server as splunk. At this point the apache proxy url is going through siteminder and gives me "it works" page, looks like i need to setup splunk to accept the siteminder requests and authorize the user.
Currently splunk is using its own authentication system, i have done the steps of adjusting server.conf and web.conf as per the below url but after that proxy based URL is not redirecting me to splunk. Can someone help me with understanding what all config needs to be done in splunk to get this working.
Change Splunk to use LDAP authentication.
Setup a reverse proxy server (apache with mod_proxy) and the CA SiteMinder Web Agent installed.
Protect the reverse proxy in SiteMinder.
httpport = 80
SSOMode = strict
trustedIP = ip_address_of_your_reverse_proxy
remoteUser = SM_UNIVERSALID
I managed to get Splunk working with SiteMinder, but am running into an error when using the drill-down functionality. The SiteMinder WebAgent is flagging this as Cross Site Scripting behavior. Since the Splunk search is included in the URL, the BadCSSChars parameter of the SiteMinder WebAgent Agent Configuration Object is blocking the query, and returning an HTTP 403 error.
We have a standard set of characters defined as BadCSSChars, to prevent Cross Site Scripting, and I'm not sure I will be allowed to deviated from this standard to get Splunk working. Does anyone have any ideas how to work around this issue?
could you share your findings with us?
We are looking to integrate splunk into a portal with SSO, perhaps using siteminder
Currently we have the problem understand the benefit of using siteminder