All Apps and Add-ons

Splunk Add-on for Microsoft Cloud Services: "Certificate Status: Auto-generated but not yet verified" - Is public IP required?

nhdpotter
Explorer

I followed the guide for this app in creating the connection into an Azure cloud.
Created integration application in Azure. For the redirect URL, I copied directly from the server I'm running the Splunk add-on from. This is an internal IP address
Connected with my account successfully using the client secret
Created a certificate, modified and uploaded manifest back in to Azure

My troubleshooting screen says "Certificate Status: Auto-generated but not yet verified"

The splunk_ta_microsoft-cloudservices_*.log log files don't seem to contain any useful information

If I access the redirect URL directly prompts me to log in to Splunk, but then just stays in a loading state and never goes anywhere

0 Karma

gjanders
SplunkTrust
SplunkTrust

This issue is fixed in version 2.0 of the app on my site...

Alerts for Splunk Admins https://splunkbase.splunk.com/app/3796/
Version Control for Splunk https://splunkbase.splunk.com/app/4355/
0 Karma

ehaddad_splunk
Splunk Employee
Splunk Employee

Certificate is needed to refresh the token automatically but not required for the oAUTH handshake.
This could be either one of the following:

  • Make sure the redirect is copied from the Add Account dialog in the Add-on itself. Should have the following format: http://:8000/en-US/app/Splunk_TA_microsoft-cloudservices/redirect http(s)://:8000/ is the actual url you are using to access splunk. Internal IP is ok here as long as as it is accissble.
  • Make sure you are using azure admin to login to Azure in that handshake. those credentials wont be saved on the splunk side. Its just used to generate the token.
  • Make sure you Azure App permission match what the doc states
0 Karma

Jmoor167
New Member

When you say "as long as as it is accessible"; does that mean that it has to able to be reach from the outside?

0 Karma

nhdpotter
Explorer

So it seems the app calls itself on the redirect URL, which then communicates with o365/azure. Azure would see the incoming URL as your Redirect URL.

So, internal address works for the application so long as the URL loads for you locally. (accessible internal)

0 Karma

Jmoor167
New Member

According to this article below the the app makes the call out to the Azure AD, which in turn s begins the conversation. So I would think that it would need a way to reach the Splunk search head from "outside". If this is correct assumption then it will need to either be natted or routed to the internal address where the search head lives. Correct?

https://msdn.microsoft.com/EN-US/library/office/dn707383.aspx

0 Karma

gjanders
SplunkTrust
SplunkTrust

Did you solve this ? We are finding similar issues where the Azure AD is validating the redirection URL and refusing to work if it is not externally accessible...

Alerts for Splunk Admins https://splunkbase.splunk.com/app/3796/
Version Control for Splunk https://splunkbase.splunk.com/app/4355/
0 Karma

gjanders
SplunkTrust
SplunkTrust

So far I have found issues where debug logging did not work on my instance, and the application appeared to be looking for a search head captain.

Since my search head / heavy forwarder was non-clustered this would never work, I have temporarily removed that code and I am past this error and still discussing the issues with Splunk support.

Alerts for Splunk Admins https://splunkbase.splunk.com/app/3796/
Version Control for Splunk https://splunkbase.splunk.com/app/4355/
0 Karma

gjanders
SplunkTrust
SplunkTrust

The issue for my site is sorted, the only issue was some code in the application that had identified my server as a search head cluster when it was not clustered...

Once I removed the invalid code, the application works as expected.

Alerts for Splunk Admins https://splunkbase.splunk.com/app/3796/
Version Control for Splunk https://splunkbase.splunk.com/app/4355/
0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.