Using splunk Enterprise 6.3.1 (soon to upgrade to 6.4.1). I have splunk sitting behind a proxy which does authentication and passes the username (splunk SSO) and some other information to splunk in the http header. The authentication lets in any user that is in a specific group (maintained by an external system over which I have no control).
From this point, I need to do the following:
Create an account for the user in splunk if one does not already exist.
Set the user's roles based on the values of the "other information" in the http header.
Seems like I could be able to use scripted authentication for this, but everything I read seems to indicate that I need a separate sytem to save the users and roles. Is there any way to just update the splunk user & roles. I really don't want to have to maintain LDAP or something like that if I can avoid it.
↧