The Splunk for OpenAM App provides security reporting and analysis tool for OpenAM log data (open source access management, entitlements and federation server platform) through dashboards on authentications, users, and applications, as well as a tracking interface to explore users' authentication events.
This App has been developped on Splunk 6.4 with OpenAM v12.
- Splunk 6.2 or ulterior is a prerequisite
- Other OpenAM versions have not been qualified and fields' extractions may have to be adapted if necessary
- For all other prerequisites, please refer to instructions below
Please refer to Readme pages for installation and configuration instructions :
- CLI : vi $SPLUNK_HOME/etc/apps/SplunkforOpenAM/README.txt
- WebUI : Click on "Readme" page on Navigation Menu of "Splunk for OpenAM" App
Service Providers dashboard is very slow on Splunk versions prior to 6.3.
--> Please upgrade at least to Splunk 6.3 for best performances.
Splunk Navigation Menu is not displayed on Readme page on Splunk versions prior to 6.4.
--> Please upgrade at least to Splunk 6.4 to display the navigation menu on this page
Tracking dashboard returns "Invalid latest_time: latest_time must be after earliest_time." error when clicking on a line.
--> Please don't use "All Time" in DataRangePicker for this dashboard.
This App doesn't work since v1.2 upgrade
--> Since v1.2, search requests have been modified to search only by sourcetypes instead of using an "openam" index by default (This allow you to use your own index).
--> If a specific index is used (like "openam"), please add this index to be searched by default in user role or modify search requests on dashboards to use this index.
Server inputs on dashboards returns all devices, even if it's not an OpenAM server.
--> Since v1.2, populating search has been modified to not search in an "openam" index by default
--> To return only OpenAM servers on dashboards inputs, please modify populating search requests by specifying your index (for example, replace "| metadata index=* type=hosts" by "| metadata index=openam type=hosts" if your OpenAM logs are in an index named "openam").
Support is on a best-effort basis.
Please select the "Ask a question" button (on the right) if you encounter issue or to post a question/suggestion (tagged with this app).
*** local.meta file removed (please read carefully readme files and details section on this page if you encounter any issue after upgrading this app from v1.0 or v1.1) ******
*** Search requests and instructions modified so that an index named "openam" is not a prerequisite anymore (please read carefully readme files and details section on this page if you encounter any issue after the upgrade) ***
*** Import of splunkjs/mvc/headerview and splunkjs/mvc/footerrview deleted in Readme.html file
*** Sourcetypes added in searches where it was missing
*** Label modified in "OpenAM" to match name on Splunkbase
Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.