Security

SSO with web application firewall and SAML

dominiquevocat
Motivator

I am investigating placing Splunk behind a web application firewall that handles authentication and general authorization.

Is there a way for Splunk to handle a SAML assertion?

Tags (2)
0 Karma
1 Solution

RubenOlsen
Path Finder

Not at this moment.

According to my iterations with Splunk support with regards to running Splunk (GUI) behind a firewall/proxy that handles authentication and general authorization, SAML might be implemented in the future.

My best bet is for you to either either do a scripted authentication hack - or, if you are using LDAP as the source for your user database, enable this in Splunk. The latter is probably the least painful solution.

View solution in original post

suarezry
Builder

Yes, it's possible as long as your web application firewall can talk SAML. Take a look at Configuring Single Sign-On with reverse proxy. This doc shows how you offload SAML to your web app.

0 Karma

RubenOlsen
Path Finder

Not at this moment.

According to my iterations with Splunk support with regards to running Splunk (GUI) behind a firewall/proxy that handles authentication and general authorization, SAML might be implemented in the future.

My best bet is for you to either either do a scripted authentication hack - or, if you are using LDAP as the source for your user database, enable this in Splunk. The latter is probably the least painful solution.

View solution in original post

RubenOlsen
Path Finder

I see no reason why not - but then your infrastructure becomes quite elaborate?

0 Karma

dominiquevocat
Motivator

yes, we currently do that as well as the groupmemberships etc. Is it possible to place a apache with a custom module handling the saml in between?

0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.