Security

How to enable SSO?

JoshWhaley
Path Finder

I am working on enabling SSO with a Splunk Enterprise instance, and have set up the reverse proxy on our Windows server. When viewing the /debug/sso page, I am correctly receiving the Remote-User parameter, but it is showing that SSO is not enabled ( SSO Enabled: No ). I have the following in system/local/web.conf:

SSOMode = permissive # I've tried strict as well, which doesn't seem to be affecting anything (even after a restart). I'm still taken to a login page, which shouldn't happen.
remoteUser = Remote-User
trustedIP = <ip of my reverse proxy>,127.0.0.1
tools.proxy.on = false # true takes me to a page saying "Forbidden: Strict SSO" when trying to view anything other than debug pages
                       # I get this same error even if SSOMode is set to permissive

system/local/server.conf:

trustedIP = 127.0.0.1,<ip of reverse proxy>

What else needs to be changed in order to enable SSO on my Splunk instance? To me, it seems like my SSOMode option is being totally ignored by Splunk.

Here's a screenshot of what /debug/sso looks like:
debug/sso

EDIT: For clarification, I added more info from my web.conf, and from server.conf as well.

0 Karma
1 Solution

JoshWhaley
Path Finder

I was finally able to resolve this issue once I realized that, unlike web.conf, server.conf's trustedIP only allows for a single IP address. Removing the second IP address, leaving only localhost (127.0.0.1), fixed the problem, and SSO began to work as expected.

View solution in original post

JoshWhaley
Path Finder

I was finally able to resolve this issue once I realized that, unlike web.conf, server.conf's trustedIP only allows for a single IP address. Removing the second IP address, leaving only localhost (127.0.0.1), fixed the problem, and SSO began to work as expected.

vidyadharms
New Member

Can you please share the steps to Edit the properties on your proxy server to authenticate against your external authentication system? We are using IIS 8.5 as Reverse Proxy....But only redirection happens but SSO didn't work. We got see only Splunk login page. No value for X-Remote-User variable when checked in Splunk SSO debug page.

0 Karma

jokajak
Engager

I was having the same problem. I ended up fixing it by adding the following lines to web.conf. I did not add any trustedIP to server.conf because I could not determine what section it should fall in.

  # If set to 1, and if appServerPorts is set to a non-zero value, this
  # will allow SSO to work even if server.conf doesn't have a trustedIP
  # set (it still needs to be set in web.conf)
  allowSsoWithoutChangingServerConf = 1

,I had the same problem. I added the following lines to my web.conf:

# If set to 1, and if appServerPorts is set to a non-zero value, this
# will allow SSO to work even if server.conf doesn't have a trustedIP
# set (it still needs to be set in web.conf)
allowSsoWithoutChangingServerConf = 1

I did not set anything in server.conf

0 Karma

JoshWhaley
Path Finder

Maybe the fact that you didn't add anything to the trustedIP in server.conf is what fixed it for you, believe it or not. I ended up resolving the issue when I realize that, unlike web.conf, server.conf's trustedIP only allows a single IP address. Removing the second IP address (leaving only localhost) from server.conf's trustedIP field resolved the issue for us.

0 Karma

jworthington_sp
Splunk Employee
Splunk Employee

You might be missing an attribute. And if that doesn't work, you might try setting SSOMode=strict. Also make sure you have the trusted IP listed in server.conf.

Here's a code sample for web.conf from the Security Manual:

SSOMode = strict
trustedIP = 127.0.0.1,10.3.1.61,10.1.8.81
remoteUser = X-Remote-User
tools.proxy.on = True

The following topic in the Securing Splunk manual might be helpful:

http://docs.splunk.com/Documentation/Splunk/6.2.4/Security/ConfigureSplunkSSO

Hope this helps!

JoshWhaley
Path Finder

See my updated question. None of these have worked, and I'm still seeing SSO Enabled: No.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...