Splunk® Enterprise

Securing Splunk Enterprise

Download manual as PDF

Download topic as PDF

About ProxySSO

ProxySSO is an authentication method that lets you configure Single-Sign On (SSO) for Splunk instances through a reverse proxy server. A user logged in using SSO can seamlessly access Splunk Web.

With ProxySSO Single-Sign On, user identity and group information can be passed in HTTP headers to Splunk Enterprise. Splunk Enterprise uses this information to authenticate users and authorize them by mapping groups to appropriate Splunk Enterprise roles.

ProxySSO authentication:

  • Combines authentication and authorization into one step for the user, streamlining the login process.
  • Reduces configuration steps. No need to configure complex LDAP strategies within Splunk Enterprise.
  • Reduces the back and forth messages between Splunk Enterprise and authentication services, making authentication more efficient.
  • The external authentication service is not restricted to LDAP as long as the proxy server can pass the required information.

ProxySSO cannot be configured through Splunk Web. Instead you must use the REST API or modify configuration files as described in Configure ProxySSO.

Splunk Cloud does not support ProxySSO.

Prerequisites

To set up ProxySSO, you should already have the following configured:

  • A Proxy Server configured to send required HTTP headers.
  • A working Splunk Enterprise configuration.

For more information about how to configure these items and set up ProxySSO, see Configure ProxySSO.

How it works

  1. The proxy server authenticates against the configured authentication service and creates an HTTP request.
  2. Splunk Enterprise receives HTTP headers from the trusted reverse proxy server.
  3. Splunk Enterprise checks trustedIP (which is configured in web.conf) for a receiving request from the proxy.


After a successful login, a session cookie is created and the user can seamlessly access Splunk Web.

PREVIOUS
Troubleshoot SAML SSO
  NEXT
Configure ProxySSO

This documentation applies to the following versions of Splunk® Enterprise: 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.2.0, 7.2.1


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters