Getting Data In

Why site doesn't load trying to access Splunk via proxy with Splunk 6.2 SSO using Windows 2012R2 IIS Server?

erusten
Engager

I've tried to implement Splunk 6.2 SSO using Windows 2012R2 IIS Server. But when i try to access splunk via proxy the site does not load properly. I only get:

splunk>
Loading...

My Network consists of one Windows 2012R2 Server with Splunk 6.2/ IIS / ARR 3.0 / Helicon ISAPI_Rewrite 3.1 Lite. I've been following instructions from #Conf2014 "Passwords Are For Chumps: Using Single Sign-on" Video and slidedeck is available on http://conf.splunk.com/sessions/2014?r=conf_topnav_keynotessessions_2014sessions.

Everything looks fine with /debug/sso

Remote User HTTP Header REMOTE-USER
Value of REMOTE-USER erik

My ISAPI Config:

Helicon ISAPI_Rewrite configuration file
Version 3.1.0.104

RewriteHeader REMOTE_USER: .* $1
RewriteMap user int:tolower
RewriteCond %{REMOTE_USER} .\([^\]+)
RewriteHeader Remote-User: .
${user:%1}
RewriteBase /

What wrong with my setup ?

Tags (5)
1 Solution

HansK
Path Finder

We had issues with a apache proxy setup, trying to use SSO on 6.2, which worked perfectly on 6.1

"fix" was to run in legacy mode by adding appServerPorts = 0 to web.conf

View solution in original post

jdastmalchi_spl
Splunk Employee
Splunk Employee

SPL-92698 was fixed in 6.2.1

AKG
Path Finder

Hi

Just an update, our splunk was upgraded to 6.2.3 recently and it broke our SSO.

we had to use appServerPorts = 0 option for time being.

Thank you

0 Karma

HansK
Path Finder

We had issues with a apache proxy setup, trying to use SSO on 6.2, which worked perfectly on 6.1

"fix" was to run in legacy mode by adding appServerPorts = 0 to web.conf

jdastmalchi_spl
Splunk Employee
Splunk Employee

Please don't use appServerPorts=0 as a final fix, Legacy mode can be used as an interim workaround to minimize intruption to your service but the main underlying issue needs to be investigated and addressed.

0 Karma

dprows
New Member

How do we find the underlying issue so we don't need to use Legacy mode?

0 Karma

HansK
Path Finder

http://docs.splunk.com/Documentation/Splunk/6.2.1/ReleaseNotes/6.2.1
2014-10-28 PL-92730 Splunk 6.2 appears to break reverse proxy., SPL-92730

I have ticket open (199508), but no fix yet.

HansK
Path Finder

Our problem has been fixed after receiving some tips from splunk support, we use a php script in combination with mod_rewrite to proxy.
It seems cookie handling has changed between 6.1 & 6.2

HansK
Path Finder

// Added for new splunk version to work.
curl_setopt($ch, CURLOPT_COOKIEFILE, '/tmp/splunk-cookie-'. session_id());
curl_setopt($ch, CURLOPT_COOKIEJAR, '/tmp/splunk-cookie-'. session_id());
//

Full code

dprows
New Member

Unfortunately, we are using IIS and am not sure how to adapt this to work in our environment. I tried to search for IIS option for this, but came up empty handed.

0 Karma

dprows
New Member

The issue appears to be with SSL, as going to http://iporservername:8000 works fine after the header has been rewritten, but not with https://iporservername. Hopefully, they will get this fixed soon as it is a bit of a pain.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...