We've installed Splunk Add-on for Box on intermediate forwarder and we are trying to configure it by going to manage apps -> Splunk Add-on for Box -> Setup. Setup requires to enter Box Oauth2 client id and client secret, which we did. After that we select other settings (proxy,etc) and click on "Save and Authenticate". Setup goes to Box login screen. After successfully entering credential, it goes to "Grant Access " screen. Clicking on "Grant Access" brings us back to Splunk Add-on for Box setup screen but with an error message "Failed to grant access" error. We performed the same setup on our Splunk dev instance (the same one server for forwarder, indexer, search head). It doesn't work in our Prod environment.
The following search
index=_internal sourcetype=box:addon:setup:log has this kind of error:
<font size="2">*12-07-2016 14:53:03.706 -0500 ERROR AdminManagerExternal - Failed to do authentication, reason=Traceback (most recent call last):\n File "/export/opt/splunk/etc/apps/Splunk_TA_box/bin/box_setup.py", line 152, in _handleAuthentication\n args["auth_code"])\n File "/export/opt/splunk/etc/apps/Splunk_TA_box/bin/boxsdk/auth/oauth2.py", line 150, in authenticate\n return self.send_token_request(data, access_token=None)\n File "/export/opt/splunk/etc/apps/Splunk_TA_box/bin/boxsdk/auth/oauth2.py", line 286, in send_token_request\n access_token=access_token,\n File "/export/opt/splunk/etc/apps/Splunk_TA_box/bin/box_client.py", line 60, in request\n **kwargs)\n File "/export/opt/splunk/etc/apps/Splunk_TA_box/bin/boxsdk/network/default_network.py", line 23, in request\n return DefaultNetworkResponse(self._session.request(method, url, **kwargs), access_token)\n File "/export/opt/splunk/etc/apps/Splunk_TA_box/bin/requests/sessions.py", line 475, in request\n resp = self.send(prep, **send_kwargs)\n File "/export/opt/splunk/etc/apps/Splunk_TA_box/bin/requests/sessions.py", line 585, in send\n r = adapter.send(request, **kwargs)\n File "/export/opt/splunk/etc/apps/Splunk_TA_box/bin/requests/adapters.py", line 477, in send\n raise SSLError(e, request=request)\nSSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:595)\n*</font>
Thank you in advance for any advice to get through this issue
By chance, does the 'dev' or the 'production' server have a proxy in-line? If so, are you doing SSL interception?
No, no SSL interception
@adamsaul just wanted to write an update. while 'dev' and 'production' servers were using the same proxy, which is, I was told, with no SSL interception - 'dev' server was on "bypass" policy on that proxy apparently. Firmware version of proxy is not compatible for us. So adding 'production' server to the same "bypass" policy on a proxy helped.
In our case, adding our 'production' Splunk server to "bypass" policy on proxy - solved the issue
and we were able to "successfully grant access" from Box to Splunk add-on