Splunk® Enterprise

Securing Splunk Enterprise

Download manual as PDF

Download topic as PDF

Set up user authentication with external systems

Your options for user authentication are:

Important: Splunk authentication takes precedence over any external systems.

This is the order in which Splunk software authenticates a user for LDAP:

1. Splunk authentication or SSO.

2. LDAP or scripted authentication (if enabled). For more information about LDAP, see "Set up user authentication with LDAP".

How scripted authentication works

In scripted authentication, a user-generated Python script serves as the middleman between the Splunk server and an external authentication system such as PAM or RADIUS.

The API consists of a few functions that handle communications between Splunk software and the authentication system. You need to create a script with handlers that implement those functions.

To integrate your authentication system with Splunk Enterprise, make sure the authentication system is running and then do the following:

1. Create a Python authentication script. See "Create the authentication script" for the procedure.

2. Enable your script by editing authentication.conf to specify scripted authentication and associated settings. See "Edit authentication.conf" for the procedure.


Examples

Splunk provides several example authentication scripts and associated configuration files, including one set for RADIUS and another for PAM. There is also a simple script called dumbScripted.py, which focuses on the interaction between the script and Splunk deployments.

You can use an example script and configuration file as the starting point for creating your own script. You must modify them for your environment.

You can find these examples in $SPLUNK_HOME/share/splunk/authScriptSamples/. That directory also contains a README file with information on the examples, as well as additional information on setting up the connection between Splunk Enterprise and external systems.

Important: These scripts are provided as examples that you can modify or extend as needed. They are not supported and there is no guarantee that they will fully meet your authentication and security needs.

PREVIOUS
Troubleshoot reverse-proxy SSO
  NEXT
Create the authentication script

This documentation applies to the following versions of Splunk® Enterprise: 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.2.0


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters