Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

ProxySSO authentication failed to process groups header

chclemence
Explorer
‎04-05-2019 08:16 AM

Hello,

I'm trying to configure Proxy SSO authentication, with PingAccess, for Splunk Enterprise v7.2.5.1.
But whatever I try and configure on Splunk side, I obtain this message in the splunkd logs :

DEBUG UiAuth - Value of header returned=<user id>
INFO UiAuth - ProxySSO authType not configured, no groups header processing
ERROR UiAuth - user=<user id> action=login status=failure reason=sso-failed useragent="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.91 Safari/537.36" clientip=<proxy sso ip>

Here is my authentication.conf file:

[authentication]
authType = ProxySSO

[roleMap_proxySSO]
user_0 = P_SPLUNK_CONSULT-DATA-ALL_PUBLIC
user_1 = P_SPLUNK_CONSULT-DATA-IT_INTERNE
user_2 = P_SPLUNK_CONSULT-DATA-IT_CONFIDENT
admin = pg_splunk

And my web.conf file:

[settings]
SSOMode = permissive
trustedIP = 127.0.0.1,<proxy sso ip>
remoteUser = REMOTE_USER
remoteGroups = REMOTE_GROUPS
remoteGroupsQuoted = false
allowSsoWithoutChangingServerConf = 1
enableSplunkWebSSL = 0
enableWebDebug = true

The SSO debug page looks well, but the line "Value of REMOTE_GROUPS" remains empty (the user is ok).
And at the bottom of the page, in the "other http headers", there is the header "REMOTE_GROUPS" which contains the right list of groups, separated by commas, without quotes.

According to the groups list and the group mapping rules, the user should obtain the first 3 roles (user_0, user_1, user_2).

What did I miss ??

Christophe

Reply

chclemence
Explorer
‎04-15-2019 02:42 AM 
ERROR UserManagerPro - Error initializing authentication - ProxySSO authType allowed only with SSOMode=strict in web.conf.

Problem solved ...

Reply

chclemence
Explorer
‎04-08-2019 07:44 AM

Small update:

I added a default role in authentication.conf:

 [authentication]
 authSettings = my_proxy
 authType = ProxySSO

 [my_proxy]
 defaultRoleIfMissing = user

And the behaviour is the same, I receive an "unauthorized" error, even with the "defaultRoleIfMissing" configuration !

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

This is the second post in our Splunk Observability Cloud’s AI Assistant in Action series, in which we look at ...

Elevate Your Organization with Splunk’s Next Platform Evolution

 Thursday, July 10, 2025  |  11AM PDT / 2PM EDT Whether you're managing complex deployments or looking to ...

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...
Top