![]() Ideally, continuous operation of Search Head tier, when properly configured Dedicated ES SHC required Search head capacity is shared and (scheduled) search artifacts are replicated in each SHC. If you host Splunk Web behind a proxy that does not place Splunk Web at the proxy's root, you may also need to configure the root_endpoint setting in $SPLUNK_HOME/etc/system/local/web.conf.įor example if your proxy hosts Splunk Web at ":9000/splunk", root_endpoint should be set to /splunk. Example 3: Distributed Multi-Site Cluster Characteristics Provides protection against site failure Adds Search Head Clustering to the search tier. ![]() For later versions this value should be set to False. The default Splunk header used is REMOTE_USER, but if your proxy uses a different header, you can change the name of the header here.įor apache 1.x proxy this value shoud be set to True. This process is described in "About Splunk Single Sign-On". When you configure your remoteUser attribute, you must also configure the RequestHeader property in your proxy configuration to pass the identity's attribute to Splunk software. This value defaults to REMOTE_USER but any LDAP attribute can be passed in this request header as long as the proxy sets this attribute properly after authentication. The remoteUser attribute determines the authenticated identity's attribute that is passed by the proxy server via the HTTP request header. Specify a single address or a comma-separated list of addresses IP ranges and netmask notation are not supported. Set this to the IP address of the authenticating proxy or proxies. In permissive mode, if the IP attempting to connect does not match any IP address, a login page is displayed to allow the user to re-authenticate. Permissive mode also restricts authentication to requests from IPs found in the trustedIP list. If the IP attempting to connect does not match any IP address, an error page appears to the user. Strict mode restricts authentication to identities that match the IP addresses listed in trustedIP property. The SSOMode attribute determines whether the Splunk Web SSO operates in strict or permissive mode. You can only enter one IP address per splunkd instance. ![]() This is typically Splunk Web and therefore the localhost. Note: For optimal security, any HTTP header-based solutions should be implemented over a TLS/SSL enabled deployment.Įdit the trustedIP in the general settings stanza to add the IP address that will make secure authentication requests to splunkd. Edit the Splunk Enterprise web.conf file. Edit the properties on your proxy server to authenticate against your external authentication system.Ģ.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |