Description
The Splunk for OpenAM App provides a security reporting and analysis tool for OpenAM log data (OpenAM is an open source access management, entitlements and federation server platform) through dashboards on authentications, users, and applications, as well as a tracking interface to explore users' authentication events.
Prerequisites
This App has been developed on Splunk 6.4 with OpenAM v12.
- Splunk 6.2 or later is a prerequisite
- Other OpenAM versions have not been qualified, and field extractions may have to be adapted
- For all other prerequisites, please refer to the instructions below
Instructions
Please refer to the Readme pages for installation and configuration instructions:
- CLI: vi $SPLUNK_HOME/etc/apps/SplunkforOpenAM/README.txt
- WebUI: Click on the "Readme" page in the Navigation Menu of the "Splunk for OpenAM" App
FAQ
The Service Providers dashboard is very slow on Splunk versions prior to 6.3.
--> Please upgrade to at least Splunk 6.3 for best performance.
The Splunk Navigation Menu is not displayed on the Readme page on Splunk versions prior to 6.4.
--> Please upgrade to at least Splunk 6.4 to display the navigation menu on this page.
The Tracking dashboard returns an "Invalid latest_time: latest_time must be after earliest_time." error when clicking on a line.
--> Please don't use "All Time" in DataRangePicker for this dashboard.
This App doesn't work since the v1.2 upgrade.
--> Since v1.2, search requests have been modified to search only by sourcetypes instead of using an "openam" index by default (this allows you to use your own index).
--> If a specific index is used (like "openam"), please add this index to the indexes searched by default in the user role, or modify the search requests on the dashboards to use this index.
Server inputs on dashboards return all devices, even those that are not OpenAM servers.
--> Since v1.2, the populating search has been modified to not search in an "openam" index by default.
--> To return only OpenAM servers in dashboard inputs, please modify the populating search requests by specifying your index (for example, replace "| metadata index=* type=hosts" by "| metadata index=openam type=hosts" if your OpenAM logs are in an index named "openam").
Support
Support is on a best-effort basis.
Please select the "Ask a question" button (on the right) if you encounter an issue or want to post a question/suggestion (tagged with this app).
Change Log
v1.3
v1.2
v1.1
v1.0
Initial release.
*** local.meta file removed (please read carefully the readme files and the details section on this page if you encounter any issue after upgrading this app from v1.0 or v1.1) ***
*** Search requests and instructions modified so that an index named "openam" is not a prerequisite anymore (please read carefully the readme files and the details section on this page if you encounter any issue after the upgrade) ***
*** Import of splunkjs/mvc/headerview and splunkjs/mvc/footerview deleted in Readme.html file
*** Sourcetypes added in searches where they were missing
*** Label modified in "OpenAM" to match name on Splunkbase
Initial release.