Splunk® Enterprise

Securing Splunk Enterprise

Acrobat logo Download manual as PDF


Splunk Enterprise version 8.0 is no longer supported as of October 22, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
Acrobat logo Download topic as PDF

About ProxySSO

ProxySSO is an authentication method that lets you configure Single-Sign On (SSO) for Splunk instances through a reverse proxy server. A user logged in using SSO can seamlessly access Splunk Web.

With ProxySSO Single-Sign On, user identity and group information can be passed in HTTP headers to Splunk Enterprise. Splunk Enterprise uses this information to authenticate users and authorize them by mapping groups to appropriate Splunk Enterprise roles.

ProxySSO authentication:

  • Combines authentication and authorization into one step for the user, streamlining the login process.
  • Reduces configuration steps. No need to configure complex LDAP strategies within Splunk Enterprise.
  • Reduces the back and forth messages between Splunk Enterprise and authentication services, making authentication more efficient.
  • The external authentication service is not restricted to LDAP as long as the proxy server can pass the required information.

ProxySSO cannot be configured through Splunk Web. Instead you must use the REST API or modify configuration files as described in Configure ProxySSO.

Splunk Cloud does not support ProxySSO.

Prerequisites

To set up ProxySSO, you should already have the following configured:

  • A Proxy Server configured to send required HTTP headers.
  • A working Splunk Enterprise configuration.

For more information about how to configure these items and set up ProxySSO, see Configure ProxySSO.

How it works

  1. The proxy server authenticates against the configured authentication service and creates an HTTP request.
  2. Splunk Enterprise receives HTTP headers from the trusted reverse proxy server.
  3. Splunk Enterprise checks trustedIP (which is configured in web.conf) for a receiving request from the proxy.


After a successful login, a session cookie is created and the user can seamlessly access Splunk Web.

Last modified on 23 January, 2018
PREVIOUS
Troubleshoot SAML SSO 		  NEXT
Configure ProxySSO

This documentation applies to the following versions of Splunk® Enterprise: 6.5.7, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters