Splunk® Enterprise

Securing Splunk Enterprise

Download manual as PDF

Download topic as PDF

Troubleshoot Proxy SSO

You can view the HTTP request headers that proxy server sends to Splunk Web on the below endpoint after you set enableWebDebug=true in web.conf under settings stanza:

http://<ProxyServerIP>:<ProxyServerPort>/debug/sso

This endpoint will help to verify some of the common configuration or setup errors:

  • Incoming request IP matches the configured value of trustedIP
  • Ensure header attribute names set on proxy server are same as those configured on Splunk
  • Make sure group entries are sent and parsed correctly. Especially, when remoteGroupsQuoted = true is set. You can see how groups are parsed by adding category.UiAuth=DEBUG in etc/log.cfg under splunkd stanza.


Once this is verified, check the following configuration:

  • Groups parsed have mapping in roleMap_proxySSO
  • In some cases, user cannot login because either the user or their roles are blacklisted. Check blacklisted objects under stanza named after value of authSettings

These kind of login events are logged in var/log/splunkd.log along with reason for failure.

PREVIOUS
Configure ProxySSO
  NEXT
About Single Sign-On using reverse proxy

This documentation applies to the following versions of Splunk® Enterprise: 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.2.0, 7.2.1


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters