How to bypass SSO when a user as never logged in S...

madsurfer · ‎10-01-2014

Hi,

I enabled SSO for Splunk which works almost fine. I found a very annoying behavior with SSO.

If a new user has never logged in Splunk and that user has right to login, SSO keeps shouting that the user is unknow. What I found, is that a new user never logged in Splunk using the login page, splunk didn't add it to the user list and therfore the user.

Any clue how to resolve this annoying behavior ?

David

adhoke_splunk · ‎01-20-2017

you can use new variant of SSO i.e. Proxy SSO. It does not require user to be present in splunk account. More details here:
https://docs.splunk.com/Documentation/Splunk/6.5.1/Security/AboutProxySSO

linu1988 · ‎10-01-2014

i doubt suck things happen. When you add the AD group the users can be seen in the users list. Where do you see unknown? if there are frequent change in the AD group refresh it periodically.

madsurfer · ‎10-01-2014

Hi,

The user is shown in the "Map Group" settings in the authentication. Even if I remap the user, the user doesn't appear in the user list.

Splunk check in the "User List" to map with SSO, so until the first manual login, the user is redirect to the Splunk SSO Error Page saying that there is no matching user.

David

How to bypass SSO when a user as never logged in Splunk?

Detecting Remote Code Executions With the Splunk Threat Research Team

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

.conf24 | Session Scheduler is Live!!