Single Sign On (SSO) lets you use some other web server to handle authentication for Splunk. For this to work, several assumptions are made, as follows:
- Your SSO system can act as an HTTP forwarding proxy, sending HTTP requests through to Splunk.
- Your SSO system can place the authenticated user's ID into an HTTP header.
- The IP of your server(s) forwarding requests is static.
- When given a particular username, Splunk will be able to determine what roles this user is a part of. This is usually accomplished using LDAP but could be accomplished by defining users directly through the Splunk UI or via a custom scripted authentication plugin.
Assuming all of these are true, the usual approach is to follow these steps:
- Configure LDAP authentication ...