Using Single Sign On
Single Sign On (SSO) lets you use some other web server to handle authentication for Splunk. For this to work, several assumptions are made, as follows:
Your SSO system can act as an HTTP forwarding proxy, sending HTTP requests through to Splunk.
Your SSO system can place the authenticated user's ID into an HTTP header.
The IP of your server(s) forwarding requests is static.
When given a particular username, Splunk will be able to determine what roles this user is a part of. This is usually accomplished using LDAP but could be accomplished by defining users directly through the Splunk UI or via a custom scripted authentication plugin.
Assuming all of these are true, the usual approach is to follow these steps:
Configure LDAP authentication in Splunk.
Configure your web server to send proxy requests through to Splunk: When this is configured properly, you should be able to use Splunk as if you were accessing the Splunk web application directly.
Configure your web server to authenticate...
