Troubleshoot Proxy SSO
After you set enableWebDebug=true in web.conf under the settings stanza, you can view the HTTP request headers that the proxy server sends to Splunk Web at the following endpoint:
http://<ProxyServerIP>:<ProxyServerPort>/debug/sso
Use this endpoint to check for some of the common configuration or setup errors:
- The incoming request IP matches the configured value of trustedIP.
- The header attribute names set on the proxy server are the same as those configured on Splunk.
- Group entries are sent and parsed correctly, especially when remoteGroupsQuoted = true is set. You can see how groups are parsed by adding category.UiAuth=DEBUG in etc/log.cfg under the splunkd stanza.
Once this is verified, check the following configuration:
- Groups parsed have mapping in roleMap_proxySSO
- In some cases, user cannot log in because either the user or their roles are on an exclusion list. Check excludedobjects under the stanza named after value of authSettings
These kinds of login events are logged in var/log/splunkd.log along with the reason for failure.
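As an added example (not Splunk's own code), the checks above can be rehearsed offline against the source IP and headers copied from /debug/sso. The header names, IP addresses, groups and role mappings are constructed sample values; reading quoted groups as CSV-style entries and comparing group names by exact match are assumptions about how Splunk parses them.

```python
import csv
import ipaddress

def parse_groups(header_value, quoted):
    # Assumed parsing model: quoted mode reads CSV-style entries ("a,b","c"),
    # so an entry may contain a comma; unquoted mode splits on every comma.
    if quoted:
        row = next(csv.reader([header_value], skipinitialspace=True), [])
    else:
        row = header_value.split(",")
    return [g.strip() for g in row if g.strip()]

def check_request(src_ip, headers, web_cfg, role_map):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if ipaddress.ip_address(src_ip) != ipaddress.ip_address(web_cfg["trustedIP"]):
        findings.append(f"source IP {src_ip} does not match trustedIP")
    # HTTP header names are case-insensitive, so compare them lowercased.
    sent = {name.lower(): value for name, value in headers.items()}
    for key in ("remoteUser", "remoteGroups"):
        if web_cfg[key].lower() not in sent:
            findings.append(f"header {web_cfg[key]!r} ({key}) not sent by proxy")
    groups = parse_groups(sent.get(web_cfg["remoteGroups"].lower(), ""),
                          web_cfg["remoteGroupsQuoted"])
    # roleMap_proxySSO entries have the form: role = group1;group2
    mapped = {g.strip() for v in role_map.values() for g in v.split(";")}
    if groups and not mapped.intersection(groups):
        findings.append(f"no parsed group in {groups} has a roleMap_proxySSO entry")
    return findings

# Constructed sample values (not taken from any real deployment).
WEB_CFG = {"trustedIP": "192.0.2.10", "remoteUser": "X-Remote-User",
           "remoteGroups": "X-Remote-Groups", "remoteGroupsQuoted": True}
HEADERS = {"X-Remote-User": "alice",
           "X-Remote-Groups": '"ops,emea", "auditors"'}
ROLE_MAP = {"admin": "ops,emea;secops", "user": "staff"}

if __name__ == "__main__":
    result = check_request("192.0.2.10", HEADERS, WEB_CFG, ROLE_MAP)
    for line in result or ["all checks passed"]:
        print(line)
```

Running the same headers with remoteGroupsQuoted set to False shows the failure mode the page warns about: the quoted entry is split at its embedded comma and no parsed group matches a mapping.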
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.1.0, 9.1.1, 9.1.2, 9.2.0, 9.2.1, 9.3.0