Single sign-on (SSO) lets you use some other web server to handle authentication for Splunk. For this to work, several assumptions are made, as follows:
- Your SSO system can act as an HTTP forwarding proxy, sending HTTP requests through to Splunk.
- Your SSO system can place the authenticated user's ID into an HTTP header.
- The IP of your server(s) forwarding requests is static.
- When given a particular username, Splunk will be able to determine what roles this user is a part of. This is usually accomplished using LDAP, but could also be accomplished by defining users directly through the Splunk UI or via a custom- scripted authentication plugin.
Assuming that all of these are true, the usual approach is to follow these steps:
- Configure LDAP authentication in Splunk.
- Configure your web server to send proxy requests through to Splunk: When this is configured...