ProxySSO is an authentication method that lets you configure Single-Sign On (SSO) for Splunk instances through a reverse proxy server. A user logged in using SSO can seamlessly access Splunk Web.
With ProxySSO Single-Sign On, user identity and group information can be passed in HTTP headers to Splunk Enterprise. Splunk Enterprise uses this information to authenticate users and authorize them by mapping groups to appropriate Splunk Enterprise roles.
- Combines authentication and authorization into one step for the user, streamlining the login process.
- Reduces configuration steps. No need to configure complex LDAP strategies within Splunk Enterprise.
- Reduces the back and forth messages between Splunk Enterprise and authentication services, making authentication more efficient.
- The external authentication service is not restricted to LDAP as long as the proxy server can pass the required information.
Splunk Cloud does not support ProxySSO.
To set up ProxySSO, you should already have the following configured:
- A Proxy Server configured to send required HTTP headers.
- A working Splunk Enterprise configuration.
For more information about how to configure these items and set up ProxySSO, see Configure ProxySSO.
How it works
- The proxy server authenticates against the configured authentication service and creates an HTTP request.
- Splunk Enterprise receives HTTP headers from the trusted reverse proxy server.
- Splunk Enterprise checks
trustedIP(which is configured in
web.conf) for a receiving request from the proxy.
After a successful login, a session cookie is created and the user can seamlessly access Splunk Web.
Troubleshoot SAML SSO
This documentation applies to the following versions of Splunk® Enterprise: 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.2.0