I'm using the Centrify Active Directory Integration for Splunk and want to know if a user's account credentials can be passed from their intranet-based workstation and logged into Splunk seamlessly; that is, without being presented with a login page... like a true SSO solution.
How would this be accomplished?
asked 22 Apr '12, 08:21
It should be possible, but it will require you to do a bit of work. Splunk supports "true" single sign-on by being front-ended by a single-sign-on-aware proxy server. Splunk will implicitly allow logins in this mode using a header variable provided by the proxy server. Centrify (according to their website) does support single sign-on into Apache. Apache can then be configured to proxy into Splunk, passing along the userid which logged in to Apache.
Splunk documentation covers this at http://docs.splunk.com/Documentation/Splunk/latest/Admin/Usesinglesign-onwithSplunk
answered 22 Apr '12, 14:26
Thanks for your reply. The Centrify module for Apache is not free... therefore it's not an option.
I have an apache2 proxy built, however I have been unable to get it to populate the REMOTE_USER variable. Additionally, it's unclear as to what auth module is recommended for domain lookups into AD. Can you shed some light on that?
I'm looking for the shortest/cheapest path toward true SSO and the Centrify addon looked like it would accomplish that, but unfortunately it only got me halfway there.
I do appreciate your time and your recommendations.
answered 22 Apr '12, 14:30
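The proxy arrangement described in the answer above, sketched as an added example that is not part of the original thread or of Splunk's or Centrify's own material. The hostname, realm, file paths and ports are assumptions, and mod_auth_kerb is used only as one possible module that sets REMOTE_USER; the thread does not name one.

```apache
# Added example: Apache in front of Splunk Web as the SSO proxy.
# Assumed values: hostname, realm, keytab and certificate paths, ports.
# Needs mod_ssl, mod_proxy, mod_proxy_http, mod_headers, mod_rewrite and an
# authentication module that sets REMOTE_USER (mod_auth_kerb assumed here).
#
# Matching Splunk side (web.conf, [settings] stanza), so the header is only
# honoured when the request comes from this proxy:
#   trustedIP  = 127.0.0.1
#   remoteUser = REMOTE_USER
#   SSOMode    = strict
# and in server.conf, [general] stanza:
#   trustedIP  = 127.0.0.1

<VirtualHost *:443>
    ServerName splunk.example.internal
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/splunk.example.internal.crt
    SSLCertificateKeyFile /etc/apache2/ssl/splunk.example.internal.key

    <Location />
        # Kerberos/SPNEGO against the AD realm; no password prompt fallback.
        AuthType Kerberos
        AuthName "Splunk SSO"
        KrbMethodNegotiate on
        KrbMethodK5Passwd off
        KrbAuthRealms EXAMPLE.INTERNAL
        Krb5KeyTab /etc/apache2/http.keytab
        # Strip "@REALM" so the name matches the Splunk user name.
        KrbLocalUserMapping on
        Require valid-user
    </Location>

    # Never forward a REMOTE_USER header supplied by the browser.
    RequestHeader unset REMOTE_USER

    # Look ahead to the authenticated user and copy it into the header
    # that Splunk reads; set it only when a user name was resolved.
    RewriteEngine on
    RewriteCond %{LA-U:REMOTE_USER} (.+)
    RewriteRule . - [E=RU:%1]
    RequestHeader set REMOTE_USER %{RU}e env=RU

    ProxyRequests off
    ProxyPass        / http://127.0.0.1:8000/
    ProxyPassReverse / http://127.0.0.1:8000/
</VirtualHost>
```

Because Splunk logs in whoever the header names, Splunk Web's port should be reachable only from the proxy address listed in `trustedIP`, not directly from workstations.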