Our AD environment has it as the userprincipalname. What attribute in AD stores your Principal Name for your CAC? If you open up the authentication certificate on your card it should show under the Subject Alternative Name. If you're not doing that then you don't need to use port 3269, FYI. I have multiple userBaseDNs because I pull from different AD trusts.

```
User = DL SPLUNK Share - Read Splunk Users
UserBaseDN = DC=XXX,DC=XXX,DC=XXX,DC=XXX DC=XXX1,DC=XXX,DC=XXX,DC=XXX DC=XXX2,DC=XXX,DC=XXX,DC=XXX
GroupBaseDN = OU=SPLUNK,OU=Groups,OU=XXX,DC=XXX,DC=XXX,DC=XXX,DC=XXX
```

`$SPLUNK_HOME/etc/system/local/nf`

```
bindDN = CN=SPLUNK.SVC,OU=SPLUNK,OU=Service Accounts,OU=XXX,DC=XXX,DC=XXX,DC=XXX,DC=XXX
```

Here is our existing Splunk authentication configuration:

Is there a way to achieve the configuration we're looking for?

* The Splunk web application is configured, via `web.conf`, to use SSO with the `remoteUser` configuration setting to set the Splunk user based on the value of the HTTP header.
* The web server reverse proxies the connection to the Splunk web application server.
* The web server assigns that user ID to an HTTP header.
* The web server finds the user's ID (or equivalent field within the TLS client certificate data).
* A web server like Apache is configured to require TLS client certificate authentication.

What we're looking for is to build on that to centralize authorization by using LDAP group membership to determine the correct permissions for each user.

* Splunk maps group membership into a role like "user" or "admin" within the application.

CAC / Smart Card authentication means we've centralized our authentication.

* Splunk looks up the user in an LDAP directory to get their group memberships.
* User logs in with CAC / Smart Card authentication with PIN.

We are using Splunk with CAC / Smart Card authentication and want to add to our configuration the ability to map LDAP groups to roles within Splunk.