Security

How to enable SSO?

JoshWhaley
Path Finder

I am working on enabling SSO with a Splunk Enterprise instance, and have set up the reverse proxy on our Windows server. When viewing the /debug/sso page, I am correctly receiving the Remote-User parameter, but it is showing that SSO is not enabled ( SSO Enabled: No ). I have the following in system/local/web.conf:

SSOMode = permissive # I've tried strict as well, which doesn't seem to be affecting anything (even after a restart). I'm still taken to a login page, which shouldn't happen.
remoteUser = Remote-User
trustedIP = <ip of my reverse proxy>,127.0.0.1
tools.proxy.on = false # true takes me to a page saying "Forbidden: Strict SSO" when trying to view anything other than debug pages
                       # I get this same error even if SSOMode is set to permissive

system/local/server.conf:

trustedIP = 127.0.0.1,<ip of reverse proxy>

What else needs to be changed in order to enable SSO on my Splunk instance? To me, it seems like my SSOMode option is being totally ignored by Splunk.

Here's a screenshot of what /debug/sso looks like:
debug/sso

EDIT: For clarification, I added more info from my web.conf, and from server.conf as well.

0 Karma
1 Solution

JoshWhaley
Path Finder

I was finally able to resolve this issue once I realized that, unlike web.conf, server.conf's trustedIP only allows for a single IP address. Removing the second IP address, leaving only localhost (127.0.0.1), fixed the problem, and SSO began to work as expected.

View solution in original post

JoshWhaley
Path Finder

I was finally able to resolve this issue once I realized that, unlike web.conf, server.conf's trustedIP only allows for a single IP address. Removing the second IP address, leaving only localhost (127.0.0.1), fixed the problem, and SSO began to work as expected.

vidyadharms
New Member

Can you please share the steps to Edit the properties on your proxy server to authenticate against your external authentication system? We are using IIS 8.5 as Reverse Proxy....But only redirection happens but SSO didn't work. We got see only Splunk login page. No value for X-Remote-User variable when checked in Splunk SSO debug page.

0 Karma

jokajak
Engager

I was having the same problem. I ended up fixing it by adding the following lines to web.conf. I did not add any trustedIP to server.conf because I could not determine what section it should fall in.

  # If set to 1, and if appServerPorts is set to a non-zero value, this
  # will allow SSO to work even if server.conf doesn't have a trustedIP
  # set (it still needs to be set in web.conf)
  allowSsoWithoutChangingServerConf = 1

,I had the same problem. I added the following lines to my web.conf:

# If set to 1, and if appServerPorts is set to a non-zero value, this
# will allow SSO to work even if server.conf doesn't have a trustedIP
# set (it still needs to be set in web.conf)
allowSsoWithoutChangingServerConf = 1

I did not set anything in server.conf

0 Karma

JoshWhaley
Path Finder

Maybe the fact that you didn't add anything to the trustedIP in server.conf is what fixed it for you, believe it or not. I ended up resolving the issue when I realize that, unlike web.conf, server.conf's trustedIP only allows a single IP address. Removing the second IP address (leaving only localhost) from server.conf's trustedIP field resolved the issue for us.

0 Karma

jworthington_sp
Splunk Employee
Splunk Employee

You might be missing an attribute. And if that doesn't work, you might try setting SSOMode=strict. Also make sure you have the trusted IP listed in server.conf.

Here's a code sample for web.conf from the Security Manual:

SSOMode = strict
trustedIP = 127.0.0.1,10.3.1.61,10.1.8.81
remoteUser = X-Remote-User
tools.proxy.on = True

The following topic in the Securing Splunk manual might be helpful:

http://docs.splunk.com/Documentation/Splunk/6.2.4/Security/ConfigureSplunkSSO

Hope this helps!

JoshWhaley
Path Finder

See my updated question. None of these have worked, and I'm still seeing SSO Enabled: No.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...