Configure ProxySSO
Before you configure Splunk Enterprise, configure your proxy server so that it acts as a proxy for Splunk Web, prompts user for credentials, and passes user identity and groups to Splunk Web through HTTP headers:
AuthType Basic AuthBasicProvider ldap .... ProxyPass / http://mysplunkhost:8000/ ProxyPassReverse / http://mysplunkhost:8000/ .... AuthLDAPURL "ldap://<ldap-server>:<ldap-port>/OU=IT Department,DC=com?sn,sAMAccountName?" .... RequestHeader set Remote_User %{AUTHENTICATE_sn}e RequestHeader set Remote_Groups %{AUTHENTICATE_sAMAccountName}e ....
Configure Splunk Enterprise
1. Configure web.conf
[settings] SSOMode = strict trustedIP = 10.1.1.2 remoteUser = Remote_User remoteGroups = Remote_Groups remoteGroupsQuoted = true allowSsoWithoutChangingServerConf = 1
2. Restart Splunk.
3. In authentication.conf
configure the [authentication]
stanza:
[authentication] authType = ProxySSO authSettings = my_proxy
4. Map groups to Splunk roles in the roleMap_proxySSO
stanza.
[roleMap_proxySSO] admin = IT operational admin splunk-system-role = IT sub-admin
5. Configure the [my_proxy]
stanza for additional settings. If a group mapping is not found, the role configured in defaultRoleIfMissing
is assigned:
[my_proxy] defaultRoleIfMissing = user
6. Reload authentication to enable your changes.
About proxy single sign-on | Troubleshoot Proxy SSO |
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.1.0, 9.1.1, 9.1.2, 9.2.0, 9.2.1, 9.3.0
Feedback submitted, thanks!