Troubleshoot reverse-proxy SSO
Splunk Web provides an interface that allows you to analyze the environment and the run-time data to help you debug your deployment. This page can be accessed via the proxy or the direct URL. The request headers will not be available if you do not access this page through the proxy server.
+Splunk recommends that this setting is disabled after troubleshooting is complete.
This URL is located at:
http://YourSplunkServer:8000/debug/sso
Important: This debug page is not available by default. In order to make the page available, two steps must be completed. First, the role that is accessing this end point must have the web_debug
capability, which the admin role has by default. Second, in web.conf
, the setting enableWebDebug=true
must be configured. You should immediately disable this setting after you have finished troubleshooting.
Consider the following when using the troubleshooting page to analyze your deployment:
- Compare the IP provided as the Splunk trusted IP with that of the Host IP. The values must be the same (they should be the IP of your proxy). If they are not the same in the troubleshooting page, you must edit the
trustedIP
value inserver.conf
.
- Check the value for Incoming request IP received by splunkweb to make sure that it displays your client's IP address. If the IP does not match that of your client, you must:
- Edit
web.conf
to correct this. - Make sure that
tools.proxy.on
is set totrue
.
- Edit
- Make sure that your proxy is providing a header. Check the Authorization field under Other HTTP Headers. If there is no value present, check the
http.conf
file in your proxy to make sure that the remote header attribute value is properly set. Splunk software is configured to accept the remote header value ofREMOTE_USER
, which is the default for most proxies. If your proxy's remote header is different, and you wish to keep that value, you can edit the remote header value inweb.conf
to change the header that Splunk software will accept. See Configure SSO for more information.
- Make sure that Splunk Web is creating a cookie to send to splunkd. Check the Cookie field under Other HTTP headers to make sure that a cookie is set. If a cookie is not set, then check your
web.conf
file to make sure your file is properly configured. Configure SSO for more information.
Configure Single Sign-On with reverse proxy | Configure Splunk Enterprise to use a common access card for authentication |
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.3.0, 9.3.1, 9.3.2, 9.4.0
Feedback submitted, thanks!