Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

logging in with local admin while SSO is enabled.

anoopambli
Communicator
‎07-02-2013 04:33 AM

We have splunk instance enabled with SSO using CA siteminder. The user authorization is using splunk user config. All users configured with splunk are able to authenticate and authorize correctly. Keeping SSO enabled, is there anyway we can login to splunk using the local admin account of splunk?

We are accessing splunk via the proxy URL and direct URL of splunk would give SSO error.

this is the web.conf and server.conf configuration

web.conf
[settings]
\#SSO
SSOMode = strict
trustedIP = 10.93.171.10
remoteUser = Corpid
\#tools.proxy.on = true

server.conf
[general]
trustedIP=127.0.0.1

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

alacercogitatus
SplunkTrust
SplunkTrust
‎07-02-2013 07:09 AM

You can login with the local admin user. You need to set SSOMode = permissive.

Permissive: Requests to Splunk Web that originate from an untrusted IP address
are redirected to a login page where they can log into Splunk without using SSO.

View solution in original post

Reply
Solved! Jump to solution

linu1988
Champion
‎07-02-2013 08:49 AM

You can with your default splunk web access port. which is by default 8000. Splunk authenticated user will be able to access through this. Others can use SSO like you have configured.

0 Karma
Reply
Solved! Jump to solution
Solution

alacercogitatus
SplunkTrust
SplunkTrust
‎07-02-2013 07:09 AM

You can login with the local admin user. You need to set SSOMode = permissive.

Permissive: Requests to Splunk Web that originate from an untrusted IP address
are redirected to a login page where they can log into Splunk without using SSO.

Reply
Solved! Jump to solution

anoopambli
Communicator
‎07-02-2013 05:06 AM

So that means once you have SSO enabled, you cant use the local account as that is not bound with any domain user account for authentication. The option left is to assign admin roles to one of the domain user who can authenticate. Is that correct?

0 Karma
Reply
Solved! Jump to solution

linu1988
Champion
‎07-02-2013 04:49 AM

I guess it's not possible. You can assign one user, admin privilege. the local admin can access through splunk web default port. As LDAP will not find any name "admin" in your groups i suppose it's not possible.

0 Karma
Reply
Get Updates on the Splunk Community!

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...

Combine multiline logs into a single event with SOCK - a step-by-step guide for newbies Olga Malita The ...

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...