Splunk as an SP w/Shibb IdP

Jim Fox fox at washington.edu
Thu Apr 28 11:28:03 EDT 2016

> I currently have a Splunk installation using their so-called single-sign on, i.e., behind an Apache+Shib SP reverse proxy that forwards a REMOTE_USER header. A long-standing annoyance is that if a Splunk browser tab is left open but the session is invalidated, i.e., laptop violating the consistent source IP address policy (see other recent threads), the Splunk web client's continual AJAX polling can create tens of redirects per second until the user either logs on to shibb or kills the tab. (Not really an operational problem, but annoying when I'm looking at the IdP logs.) Has anyone else experienced and solved this problem?

Our current IdP is behind Apache and I solved this problem with 
mod_evasive.  Our future IdP will be controlled by an F5 traffic manager, 
which has it's own way to do the same thing.


More information about the users mailing list