Set up user authentication with external systems
Your options for user authentication are:
- Splunk authentication
- Single sign-on
- A scripted authentication API for use with an external authentication system, such as PAM or RADIUS, described in this section.
Important: Splunk authentication takes precedence over any external systems.
This is the order in which Splunk software authenticates a user for LDAP:
1. Splunk authentication or SSO.
2. LDAP or scripted authentication (if enabled). For more information about LDAP, see "Set up user authentication with LDAP".
How scripted authentication works
In scripted authentication, a user-generated Python script serves as the middleman between the Splunk server and an external authentication system such as PAM or RADIUS.
The API consists of a few functions that handle communications between Splunk software and the authentication system. You need to create a script with handlers that implement those functions.
To integrate your authentication system with Splunk Enterprise, make sure the authentication system is running and then do the following:
1. Create a Python authentication script. See "Create the authentication script" for the procedure.
2. Enable your script by editing authentication.conf to specify scripted authentication and associated settings. See "Edit authentication.conf" for the procedure.
Splunk provides several example authentication scripts and associated configuration files, including one set for RADIUS and another for PAM. There is also a simple script called
dumbScripted.py, which focuses on the interaction between the script and Splunk deployments.
You can use an example script and configuration file as the starting point for creating your own script. You must modify them for your environment.
You can find these examples in
$SPLUNK_HOME/share/splunk/authScriptSamples/. That directory also contains a README file with information on the examples, as well as additional information on setting up the connection between Splunk Enterprise and external systems.
Important: These scripts are provided as examples that you can modify or extend as needed. They are not supported and there is no guarantee that they will fully meet your authentication and security needs.
Troubleshoot reverse-proxy SSO
Create the authentication script
This documentation applies to the following versions of Splunk® Enterprise: 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.2.0, 7.2.1