Security

SSO for Splunk Web

gjackson3
Engager

Splunk Support,

We are attempting to use AD authentication for logins to our Splunk Web instance. We would like to be able to use the login credentials provided by our AD logins to our Windows workstation and pass those credentials on to Splunk Web so that we are not asked for a username/password to login to Splunk.

I have read docs about SSO with Splunk using a proxy server. Is there any way to provide SSO using AD authentication without having to set up a proxy server? If not:

  • Can the Proxy Server application reside on the same server as our Splunk installation?
  • Can the Squid Proxy software be used instead of Apache/IIS and, if so, how?

Thanks,
George Jackson
DISA

Tags (1)

andrewbeeber
Explorer

Hi everyone,

I found this article very helpful for setting Microsoft IIS as a reverse proxy for PKI authentication/SSO to Splunk.

http://blogs.msdn.com/b/chiranth/archive/2014/08/03/application-request-routing-part-2-reverse-proxy...

0 Karma

dwaddle
SplunkTrust
SplunkTrust

Splunk alone can support using AD as an authentication store. Which, of course, requires you to log in a second time using the same authentication data. But currently, the only supported way to do "true" single signon (where you only enter your login credentials once) is via a proxy server. That proxy server has to know how to interact with your single signon environment, and pass along the right HTTP header information to Splunk.

Most single-signon solutions for web applications require some type of web server plugin module to interact with the single-signon infrastructure. (This is how CA Siteminder works) That plugin has to take care of validating your user's SSO session cookie and pushing them off to a credential collector (log-in screen) if they don't have a valid one. These type of modules just don't exist for Splunkweb, so a proxy is needed to help glue it together.

There's no reason why that proxy shouldn't be able to exist on the same machine as Splunk. And, there's no Splunk-specific reason it can't be Squid -- provided you can get Squid to interact with your SSO infrastructure and pass along the proper headers. I've never used Squid in this way, and don't know if it's possible.

dwaddle
SplunkTrust
SplunkTrust

Just a quick comment - this site is community support for Splunk. Many of the people reading and answering these (such as myself) do not work for Splunk. If you need an official response from Splunk, you'll need to file a support case.

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...