Set up user authentication with external systems
You can use scripted authentication, such as with external protocols and services like privileged access management (PAM) and remote authentication dial-in user service (RADIUS), to log users into Splunk Enterprise. Read this topic to learn about the steps you need to take to configure scripted authentication on Splunk Enterprise deployments.
Native Splunk authentication takes precedence over any other type of authentication scheme. When you configure scripted authentication, the Splunk native authentication scheme still processes logins before passing the request onward to the scripted authentication scheme.
Splunk Cloud Platform doesn't support scripted authentication of any kind. Don't try to use scripted authentication to log users into Splunk Cloud, even by using a Splunk app.
How scripted authentication works
In scripted authentication, a Python script that you create serves as the middleman between Splunk Enterprise and an external authentication system such as PAM or RADIUS.
The API consists of a few functions that handle communications between Splunk Enterprise and the authentication system. You need to create a script with handlers that implement those functions.
To integrate your authentication system with Splunk Enterprise, confirm that the authentication system is running and then do the following:
- Create a Python authentication script. See Create the authentication script for the procedure.
- Enable your script by editing the authentication.conf configuration file to specify scripted authentication and its associated settings. See Edit authentication.conf for the procedure.
Splunk provides several example authentication scripts and associated configuration files, including one set for RADIUS and another for PAM. There is also a simple script called
dumbScripted.py, which focuses on the interaction between the script and Splunk deployments.
The scripts that Splunk provides are examples that you can modify or extend as needed. Splunk does not support them, and there is no guarantee that they will fully meet your authentication and security needs.
You can use an example script and configuration file as the starting point for creating your own script. You must modify them for your environment.
You can find these examples in
$SPLUNK_HOME/share/splunk/authScriptSamples/. That directory also contains a README file with information on the examples, as well as additional information on setting up the connection between Splunk Enterprise and external systems.
Configure Splunk Enterprise to use a common access card for authentication
Create the authentication script
This documentation applies to the following versions of Splunk® Enterprise: 6.5.7, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 9.0.0, 9.0.1, 9.0.2, 9.0.3