Solved: Why site doesn't load trying to access Splunk via ...

erusten · ‎11-04-2014

I've tried to implement Splunk 6.2 SSO using Windows 2012R2 IIS Server. But when i try to access splunk via proxy the site does not load properly. I only get:

splunk>
Loading...

My Network consists of one Windows 2012R2 Server with Splunk 6.2/ IIS / ARR 3.0 / Helicon ISAPI_Rewrite 3.1 Lite. I've been following instructions from #Conf2014 "Passwords Are For Chumps: Using Single Sign-on" Video and slidedeck is available on http://conf.splunk.com/sessions/2014?r=conf_topnav_keynotessessions_2014sessions.

Everything looks fine with /debug/sso

Remote User HTTP Header REMOTE-USER
Value of REMOTE-USER erik

My ISAPI Config:

Helicon ISAPI_Rewrite configuration file
Version 3.1.0.104

RewriteHeader REMOTE_USER: .* $1
RewriteMap user int:tolower
RewriteCond %{REMOTE_USER} .\([^\]+)
RewriteHeader Remote-User: . ${user:%1}
RewriteBase /

What wrong with my setup ?

HansK · ‎11-04-2014

We had issues with a apache proxy setup, trying to use SSO on 6.2, which worked perfectly on 6.1

"fix" was to run in legacy mode by adding appServerPorts = 0 to web.conf

View solution in original post

jdastmalchi_spl · ‎03-23-2015

SPL-92698 was fixed in 6.2.1

AKG · ‎05-19-2015

Hi

Just an update, our splunk was upgraded to 6.2.3 recently and it broke our SSO.

we had to use appServerPorts = 0 option for time being.

Thank you

HansK · ‎11-04-2014

We had issues with a apache proxy setup, trying to use SSO on 6.2, which worked perfectly on 6.1

"fix" was to run in legacy mode by adding appServerPorts = 0 to web.conf

jdastmalchi_spl · ‎11-14-2014

Please don't use appServerPorts=0 as a final fix, Legacy mode can be used as an interim workaround to minimize intruption to your service but the main underlying issue needs to be investigated and addressed.

dprows · ‎01-12-2015

How do we find the underlying issue so we don't need to use Legacy mode?

HansK · ‎01-14-2015

http://docs.splunk.com/Documentation/Splunk/6.2.1/ReleaseNotes/6.2.1
2014-10-28 PL-92730 Splunk 6.2 appears to break reverse proxy., SPL-92730

I have ticket open (199508), but no fix yet.

HansK · ‎01-22-2015

Our problem has been fixed after receiving some tips from splunk support, we use a php script in combination with mod_rewrite to proxy.
It seems cookie handling has changed between 6.1 & 6.2

HansK · ‎01-22-2015

// Added for new splunk version to work.
curl_setopt($ch, CURLOPT_COOKIEFILE, '/tmp/splunk-cookie-'. session_id());
curl_setopt($ch, CURLOPT_COOKIEJAR, '/tmp/splunk-cookie-'. session_id());
//

Full code

dprows · ‎01-28-2015

Unfortunately, we are using IIS and am not sure how to adapt this to work in our environment. I tried to search for IIS option for this, but came up empty handed.

dprows · ‎01-14-2015

The issue appears to be with SSL, as going to http://iporservername:8000 works fine after the header has been rewritten, but not with https://iporservername. Hopefully, they will get this fixed soon as it is a bit of a pain.

Why site doesn't load trying to access Splunk via proxy with Splunk 6.2 SSO using Windows 2012R2 IIS Server?

My ISAPI Config:

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

Mastering Data Pipelines: Unlocking Value with Splunk

The Latest Cisco Integrations With Splunk Platform!