Getting Data In

Why site doesn't load trying to access Splunk via proxy with Splunk 6.2 SSO using Windows 2012R2 IIS Server?

erusten
Engager

I've tried to implement Splunk 6.2 SSO using Windows 2012R2 IIS Server. But when i try to access splunk via proxy the site does not load properly. I only get:

splunk>
Loading...

My Network consists of one Windows 2012R2 Server with Splunk 6.2/ IIS / ARR 3.0 / Helicon ISAPI_Rewrite 3.1 Lite. I've been following instructions from #Conf2014 "Passwords Are For Chumps: Using Single Sign-on" Video and slidedeck is available on http://conf.splunk.com/sessions/2014?r=conf_topnav_keynotessessions_2014sessions.

Everything looks fine with /debug/sso

Remote User HTTP Header REMOTE-USER
Value of REMOTE-USER erik

My ISAPI Config:

Helicon ISAPI_Rewrite configuration file
Version 3.1.0.104

RewriteHeader REMOTE_USER: .* $1
RewriteMap user int:tolower
RewriteCond %{REMOTE_USER} .\([^\]+)
RewriteHeader Remote-User: .
${user:%1}
RewriteBase /

What wrong with my setup ?

Tags (5)
1 Solution

HansK
Path Finder

We had issues with a apache proxy setup, trying to use SSO on 6.2, which worked perfectly on 6.1

"fix" was to run in legacy mode by adding appServerPorts = 0 to web.conf

View solution in original post

jdastmalchi_spl
Splunk Employee
Splunk Employee

SPL-92698 was fixed in 6.2.1

AKG
Path Finder

Hi

Just an update, our splunk was upgraded to 6.2.3 recently and it broke our SSO.

we had to use appServerPorts = 0 option for time being.

Thank you

0 Karma

HansK
Path Finder

We had issues with a apache proxy setup, trying to use SSO on 6.2, which worked perfectly on 6.1

"fix" was to run in legacy mode by adding appServerPorts = 0 to web.conf

jdastmalchi_spl
Splunk Employee
Splunk Employee

Please don't use appServerPorts=0 as a final fix, Legacy mode can be used as an interim workaround to minimize intruption to your service but the main underlying issue needs to be investigated and addressed.

0 Karma

dprows
New Member

How do we find the underlying issue so we don't need to use Legacy mode?

0 Karma

HansK
Path Finder

http://docs.splunk.com/Documentation/Splunk/6.2.1/ReleaseNotes/6.2.1
2014-10-28 PL-92730 Splunk 6.2 appears to break reverse proxy., SPL-92730

I have ticket open (199508), but no fix yet.

HansK
Path Finder

Our problem has been fixed after receiving some tips from splunk support, we use a php script in combination with mod_rewrite to proxy.
It seems cookie handling has changed between 6.1 & 6.2

HansK
Path Finder

// Added for new splunk version to work.
curl_setopt($ch, CURLOPT_COOKIEFILE, '/tmp/splunk-cookie-'. session_id());
curl_setopt($ch, CURLOPT_COOKIEJAR, '/tmp/splunk-cookie-'. session_id());
//

Full code

dprows
New Member

Unfortunately, we are using IIS and am not sure how to adapt this to work in our environment. I tried to search for IIS option for this, but came up empty handed.

0 Karma

dprows
New Member

The issue appears to be with SSL, as going to http://iporservername:8000 works fine after the header has been rewritten, but not with https://iporservername. Hopefully, they will get this fixed soon as it is a bit of a pain.

0 Karma
Get Updates on the Splunk Community!

Exporting Splunk Apps

Join us on Monday, October 21 at 11 am PT | 2 pm ET!With the app export functionality, app developers and ...

[Coming Soon] Splunk Observability Cloud - Enhanced navigation with a modern look and ...

We are excited to introduce our enhanced UI that brings together AppDynamics and Splunk Observability. This is ...

Splunk Smartness with Patrick Tatro | Episode 4

Welcome to another episode of "Splunk Smartness," where we explore how Splunk Education can revolutionize your ...