Download topic as PDF
Configure ProxySSO
Before you configure Splunk Enterprise, configure your proxy server so that it acts as a proxy for Splunk Web, prompts user for credentials, and passes user identity and groups to Splunk Web through HTTP headers:
AuthType Basic
AuthBasicProvider ldap
....
ProxyPass / http://mysplunkhost:8000/
ProxyPassReverse / http://mysplunkhost:8000/
....
AuthLDAPURL "ldap://<ldap-server>:<ldap-port>/OU=IT Department,DC=com?sn,sAMAccountName?"
....
RequestHeader set Remote_User %{AUTHENTICATE_sn}e
RequestHeader set Remote_Groups %{AUTHENTICATE_sAMAccountName}e
....
Configure Splunk Enterprise
1. Configure web.conf
[settings] SSOMode = strict trustedIP = 10.1.1.2 remoteUser = Remote_User remoteGroups = Remote_Groups remoteGroupsQuoted = true allowSsoWithoutChangingServerConf = 1
2. Restart Splunk.
3. In authentication.conf configure the [authentication] stanza:
[authentication] authType = ProxySSO authSettings = my_proxy
4. Map groups to Splunk roles in the roleMap_proxySSO stanza.
[roleMap_proxySSO] admin = IT operational admin splunk-system-role = IT sub-admin
5. Configure the [my_proxy] stanza for additional settings. If a group mapping is not found, the role configured in defaultRoleIfMissing is assigned:
[my_proxy] defaultRoleIfMissing = user
6. Reload authentication to enable your changes.
|
PREVIOUS About ProxySSO |
NEXT Troubleshoot Proxy SSO |
This documentation applies to the following versions of Splunk® Enterprise: 6.5.0, 6.5.1, 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.5.10, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4
Feedback submitted, thanks!