Splunk Search

SSO login banner when using a CAC

bwgates
Explorer

I've been able to configure SSO for CAC via Apache proxy and everything works fine. I'm trying to figure out how to display a login banner like if you were to use username and password on the default Splunk login page where the user has to "accept" or at least be prompted fr some tpe of input before the user is allowed into Splunk. Has anyone been able to get this configured or point me in the right direction? Google searches didn't really help a lot. Thanks in advance.

Tags (1)
0 Karma

don1966
Loves-to-Learn Everything

Good morning.

 

Is it possible to get a copy of how you were able to configure SSO for CAC via Apache proxy? I am trying to get this done and have been trying for the past 4 days with no success.

Thanks

 

0 Karma

elliotproebstel
Champion

We use Apache as a proxy for SSO and have the following in our SSL conf file to force users to a warning cookie before they are able to access Splunk:

RewriteEngine on
RewriteCond %{HTTP_COOKIE} !accepted_warning=true [NC]
RewriteRule ^/(de-DE|en-US|en-GB|it-IT|ja-JP|ko-KO|zh-CN|zh-TW)/.*$ warning/ [NC,L,R=302]
ProxyPass "/warning" "!"
ProxyPass "/" "https://localhost:8001/"
ProxyPassReverse "/" "https://localhost:8001/"

Inside that /warning directory are an HTML page plus supporting JavaScript and CSS files. The gist of these is to present the required warning page and the JavaScript to set a cookie when the user clicks to accept. Once the user's browser has the cookie, the session will not be sent back to the warning page again until the user clears cookies or until something else clears the cookies/ends the session (e.g. when the browser is restarted).

0 Karma

jcutright
Engager

Is it possible to see the source for these files?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...