Security
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Splunk Administration
- :
- Admin Other
- :
- Security
- :
- ProxySSO authentication failed to process groups h...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ProxySSO authentication failed to process groups header
chclemence
Explorer
04-05-2019
08:16 AM
Hello,
I'm trying to configure Proxy SSO authentication, with PingAccess, for Splunk Enterprise v7.2.5.1.
But whatever I try and configure on Splunk side, I obtain this message in the splunkd logs :
DEBUG UiAuth - Value of header returned=<user id>
INFO UiAuth - ProxySSO authType not configured, no groups header processing
ERROR UiAuth - user=<user id> action=login status=failure reason=sso-failed useragent="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.91 Safari/537.36" clientip=<proxy sso ip>
Here is my authentication.conf file:
[authentication]
authType = ProxySSO
[roleMap_proxySSO]
user_0 = P_SPLUNK_CONSULT-DATA-ALL_PUBLIC
user_1 = P_SPLUNK_CONSULT-DATA-IT_INTERNE
user_2 = P_SPLUNK_CONSULT-DATA-IT_CONFIDENT
admin = pg_splunk
And my web.conf file:
[settings]
SSOMode = permissive
trustedIP = 127.0.0.1,<proxy sso ip>
remoteUser = REMOTE_USER
remoteGroups = REMOTE_GROUPS
remoteGroupsQuoted = false
allowSsoWithoutChangingServerConf = 1
enableSplunkWebSSL = 0
enableWebDebug = true
The SSO debug page looks well, but the line "Value of REMOTE_GROUPS" remains empty (the user is ok).
And at the bottom of the page, in the "other http headers", there is the header "REMOTE_GROUPS" which contains the right list of groups, separated by commas, without quotes.
According to the groups list and the group mapping rules, the user should obtain the first 3 roles (user_0, user_1, user_2).
What did I miss ??
Christophe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
chclemence
Explorer
04-15-2019
02:42 AM
ERROR UserManagerPro - Error initializing authentication - ProxySSO authType allowed only with SSOMode=strict in web.conf.
Problem solved ...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
chclemence
Explorer
04-08-2019
07:44 AM
Small update:
I added a default role in authentication.conf:
[authentication]
authSettings = my_proxy
authType = ProxySSO
[my_proxy]
defaultRoleIfMissing = user
And the behaviour is the same, I receive an "unauthorized" error, even with the "defaultRoleIfMissing" configuration !
Get Updates on the Splunk Community!
Brains, Bytes, and Boston: Learn from the Best at .conf25
When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...
Splunk AppDynamics Agents Webinar Series
Mark your calendars! On June 24th at 12PM PST, we’re going live with the second session of our Splunk ...
SplunkTrust Application Period is Officially OPEN!
It's that time, folks! The application/nomination period for the 2025 SplunkTrust is officially open!
If you ...
