Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to enable SSO?

JoshWhaley
Path Finder
‎07-21-2015 10:22 AM

I am working on enabling SSO with a Splunk Enterprise instance, and have set up the reverse proxy on our Windows server. When viewing the /debug/sso page, I am correctly receiving the Remote-User parameter, but it is showing that SSO is not enabled ( SSO Enabled: No ). I have the following in system/local/web.conf:

SSOMode = permissive # I've tried strict as well, which doesn't seem to be affecting anything (even after a restart). I'm still taken to a login page, which shouldn't happen.
remoteUser = Remote-User
trustedIP = <ip of my reverse proxy>,127.0.0.1
tools.proxy.on = false # true takes me to a page saying "Forbidden: Strict SSO" when trying to view anything other than debug pages
                       # I get this same error even if SSOMode is set to permissive

system/local/server.conf:

trustedIP = 127.0.0.1,<ip of reverse proxy>

What else needs to be changed in order to enable SSO on my Splunk instance? To me, it seems like my SSOMode option is being totally ignored by Splunk.

Here's a screenshot of what /debug/sso looks like:
debug/sso

EDIT: For clarification, I added more info from my web.conf, and from server.conf as well.

Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

JoshWhaley
Path Finder
‎09-17-2015 07:28 AM

I was finally able to resolve this issue once I realized that, unlike web.conf, server.conf's trustedIP only allows for a single IP address. Removing the second IP address, leaving only localhost (127.0.0.1), fixed the problem, and SSO began to work as expected.

View solution in original post

Reply
Solved! Jump to solution
Solution

JoshWhaley
Path Finder
‎09-17-2015 07:28 AM

I was finally able to resolve this issue once I realized that, unlike web.conf, server.conf's trustedIP only allows for a single IP address. Removing the second IP address, leaving only localhost (127.0.0.1), fixed the problem, and SSO began to work as expected.

Reply
Solved! Jump to solution

vidyadharms
New Member
‎09-26-2016 07:02 AM

Can you please share the steps to Edit the properties on your proxy server to authenticate against your external authentication system? We are using IIS 8.5 as Reverse Proxy....But only redirection happens but SSO didn't work. We got see only Splunk login page. No value for X-Remote-User variable when checked in Splunk SSO debug page.

0 Karma
Reply
Solved! Jump to solution

jokajak
Engager
‎09-17-2015 05:21 AM

I was having the same problem. I ended up fixing it by adding the following lines to web.conf. I did not add any trustedIP to server.conf because I could not determine what section it should fall in.

  # If set to 1, and if appServerPorts is set to a non-zero value, this
  # will allow SSO to work even if server.conf doesn't have a trustedIP
  # set (it still needs to be set in web.conf)
  allowSsoWithoutChangingServerConf = 1

,I had the same problem. I added the following lines to my web.conf:

# If set to 1, and if appServerPorts is set to a non-zero value, this
# will allow SSO to work even if server.conf doesn't have a trustedIP
# set (it still needs to be set in web.conf)
allowSsoWithoutChangingServerConf = 1

I did not set anything in server.conf

0 Karma
Reply
Solved! Jump to solution

JoshWhaley
Path Finder
‎09-17-2015 07:25 AM

Maybe the fact that you didn't add anything to the trustedIP in server.conf is what fixed it for you, believe it or not. I ended up resolving the issue when I realize that, unlike web.conf, server.conf's trustedIP only allows a single IP address. Removing the second IP address (leaving only localhost) from server.conf's trustedIP field resolved the issue for us.

0 Karma
Reply
Solved! Jump to solution

jworthington_sp
Splunk Employee
Splunk Employee
‎07-21-2015 10:33 AM

You might be missing an attribute. And if that doesn't work, you might try setting SSOMode=strict. Also make sure you have the trusted IP listed in server.conf.

Here's a code sample for web.conf from the Security Manual:

SSOMode = strict
trustedIP = 127.0.0.1,10.3.1.61,10.1.8.81
remoteUser = X-Remote-User
tools.proxy.on = True

The following topic in the Securing Splunk manual might be helpful:

http://docs.splunk.com/Documentation/Splunk/6.2.4/Security/ConfigureSplunkSSO

Hope this helps!

Reply
Solved! Jump to solution

JoshWhaley
Path Finder
‎07-21-2015 11:14 AM

See my updated question. None of these have worked, and I'm still seeing SSO Enabled: No.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

&#x1f342; Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...