https://community.splunk.com/t5/Security/ProxySSO-authentication-failed-to-process-groups-header/m-p/391971#M9599 <PRE><CODE>ERROR UserManagerPro - Error initializing authentication - ProxySSO authType allowed only with SSOMode=strict in web.conf. </CODE></PRE> <P>Problem solved ...</P> Mon, 15 Apr 2019 09:42:59 GMT chclemence 2019-04-15T09:42:59Z https://community.splunk.com/t5/Security/ProxySSO-authentication-failed-to-process-groups-header/m-p/391969#M9597 <P>Hello,</P> <P>I'm trying to configure Proxy SSO authentication, with PingAccess, for Splunk Enterprise v7.2.5.1.<BR /> But whatever I try and configure on Splunk side, I obtain this message in the splunkd logs :</P> <PRE><CODE>DEBUG UiAuth - Value of header returned=&lt;user id&gt; INFO UiAuth - ProxySSO authType not configured, no groups header processing ERROR UiAuth - user=&lt;user id&gt; action=login status=failure reason=sso-failed useragent="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.91 Safari/537.36" clientip=&lt;proxy sso ip&gt; </CODE></PRE> <P>Here is my authentication.conf file:</P> <PRE><CODE>[authentication] authType = ProxySSO [roleMap_proxySSO] user_0 = P_SPLUNK_CONSULT-DATA-ALL_PUBLIC user_1 = P_SPLUNK_CONSULT-DATA-IT_INTERNE user_2 = P_SPLUNK_CONSULT-DATA-IT_CONFIDENT admin = pg_splunk </CODE></PRE> <P>And my web.conf file:</P> <PRE><CODE>[settings] SSOMode = permissive trustedIP = 127.0.0.1,&lt;proxy sso ip&gt; remoteUser = REMOTE_USER remoteGroups = REMOTE_GROUPS remoteGroupsQuoted = false allowSsoWithoutChangingServerConf = 1 enableSplunkWebSSL = 0 enableWebDebug = true </CODE></PRE> <P>The SSO debug page looks well, but the line "Value of REMOTE_GROUPS" remains empty (the user is ok).<BR /> And at the bottom of the page, in the "other http headers", there is the header "REMOTE_GROUPS" which contains the right list of groups, separated by commas, without quotes.</P> <P>According to the groups list and the group mapping rules, the user should obtain the first 3 roles (user_0, user_1, user_2).</P> <P>What did I miss ??</P> <P>Christophe</P> Tue, 29 Sep 2020 23:58:00 GMT https://community.splunk.com/t5/Security/ProxySSO-authentication-failed-to-process-groups-header/m-p/391969#M9597 chclemence 2020-09-29T23:58:00Z https://community.splunk.com/t5/Security/ProxySSO-authentication-failed-to-process-groups-header/m-p/391970#M9598 <P>Small update:</P> <P>I added a default role in authentication.conf:</P> <PRE><CODE> [authentication] authSettings = my_proxy authType = ProxySSO [my_proxy] defaultRoleIfMissing = user </CODE></PRE> <P>And the behaviour is the same, I receive an "unauthorized" error, even with the "defaultRoleIfMissing" configuration !</P> Mon, 08 Apr 2019 14:44:55 GMT https://community.splunk.com/t5/Security/ProxySSO-authentication-failed-to-process-groups-header/m-p/391970#M9598 chclemence 2019-04-08T14:44:55Z https://community.splunk.com/t5/Security/ProxySSO-authentication-failed-to-process-groups-header/m-p/391971#M9599 <PRE><CODE>ERROR UserManagerPro - Error initializing authentication - ProxySSO authType allowed only with SSOMode=strict in web.conf. </CODE></PRE> <P>Problem solved ...</P> Mon, 15 Apr 2019 09:42:59 GMT https://community.splunk.com/t5/Security/ProxySSO-authentication-failed-to-process-groups-header/m-p/391971#M9599 chclemence 2019-04-15T09:42:59Z