Troubleshoot reverse-proxy SSO
Splunk Web provides an interface that allows you to analyze the environment and the run-time data to help you debug your deployment. This page can be accessed via the proxy or the direct URL. The request headers will not be available if you do not access this page through the proxy server.
+Splunk recommends that this setting is disabled after troubleshooting is complete.
This URL is located at:
Important: This debug page is not available by default. In order to make the page available, two steps must be completed. First, the role that is accessing this end point must have the
web_debug capability, which the admin role has by default. Second, in
web.conf, the setting
enableWebDebug=true must be configured. You should immediately disable this setting after you have finished troubleshooting.
Consider the following when using the troubleshooting page to analyze your deployment:
- Compare the IP provided as the Splunk trusted IP with that of the Host IP. The values must be the same (they should be the IP of your proxy). If they are not the same in the troubleshooting page, you must edit the
- Check the value for Incoming request IP received by splunkweb to make sure that it displays your client's IP address. If the IP does not match that of your client, you must:
web.confto correct this.
- Make sure that
tools.proxy.onis set to
- Make sure that your proxy is providing a header. Check the Authorization field under Other HTTP Headers. If there is no value present, check the
http.conffile in your proxy to make sure that the remote header attribute value is properly set. Splunk software is configured to accept the remote header value of
REMOTE_USER, which is the default for most proxies. If your proxy's remote header is different, and you wish to keep that value, you can edit the remote header value in
web.confto change the header that Splunk software will accept. See Configure SSO for more information.
- Make sure that Splunk Web is creating a cookie to send to splunkd. Check the Cookie field under Other HTTP headers to make sure that a cookie is set. If a cookie is not set, then check your
web.conffile to make sure your file is properly configured. Configure SSO for more information.
Configure Single Sign-On with reverse proxy
Configure Splunk Enterprise to use a common access card for authentication
This documentation applies to the following versions of Splunk® Enterprise: 6.5.7, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4
Feedback submitted, thanks!