Hello,
I'm trying to configure Proxy SSO authentication, with PingAccess, for Splunk Enterprise v7.2.5.1.
But whatever I try to configure on the Splunk side, I get this message in the splunkd logs:
DEBUG UiAuth - Value of header returned=<user id>
INFO UiAuth - ProxySSO authType not configured, no groups header processing
ERROR UiAuth - user=<user id> action=login status=failure reason=sso-failed useragent="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.91 Safari/537.36" clientip=<proxy sso ip>
Here is my authentication.conf file:
[authentication]
authType = ProxySSO
[roleMap_proxySSO]
user_0 = P_SPLUNK_CONSULT-DATA-ALL_PUBLIC
user_1 = P_SPLUNK_CONSULT-DATA-IT_INTERNE
user_2 = P_SPLUNK_CONSULT-DATA-IT_CONFIDENT
admin = pg_splunk
And my web.conf file:
[settings]
SSOMode = permissive
trustedIP = 127.0.0.1,<proxy sso ip>
remoteUser = REMOTE_USER
remoteGroups = REMOTE_GROUPS
remoteGroupsQuoted = false
allowSsoWithoutChangingServerConf = 1
enableSplunkWebSSL = 0
enableWebDebug = true
The SSO debug page looks fine, but the line "Value of REMOTE_GROUPS" remains empty (the user is OK).
And at the bottom of the page, in the "other http headers", there is the header "REMOTE_GROUPS" which contains the right list of groups, separated by commas, without quotes.
According to the groups list and the group mapping rules, the user should obtain the first 3 roles (user_0, user_1, user_2).
What did I miss?
Christophe
ERROR UserManagerPro - Error initializing authentication - ProxySSO authType allowed only with SSOMode=strict in web.conf.
Problem solved ...
Small update:
I added a default role in authentication.conf:
[authentication]
authSettings = my_proxy
authType = ProxySSO
[my_proxy]
defaultRoleIfMissing = user
And the behaviour is the same: I receive an "unauthorized" error, even with the "defaultRoleIfMissing" configuration!
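
The requirement stated in the UserManagerPro error above (ProxySSO only with SSOMode=strict), together with the role mapping from the question, can be checked before restarting splunkd. This is an added example, not part of the original thread and not Splunk code; the function names, the placeholder IP 192.0.2.10, and the exact, case-sensitive group comparison are assumptions.

```python
import configparser

# Constructed sample input modelled on the files posted above (IP is a placeholder).
AUTH_CONF = """[authentication]
authSettings = my_proxy
authType = ProxySSO
[my_proxy]
defaultRoleIfMissing = user
[roleMap_proxySSO]
user_0 = P_SPLUNK_CONSULT-DATA-ALL_PUBLIC
user_1 = P_SPLUNK_CONSULT-DATA-IT_INTERNE
user_2 = P_SPLUNK_CONSULT-DATA-IT_CONFIDENT
admin = pg_splunk
"""
WEB_CONF = """[settings]
SSOMode = permissive
trustedIP = 127.0.0.1,192.0.2.10
remoteGroups = REMOTE_GROUPS
"""

def parse_conf(text):
    # Splunk .conf files are INI-like; keep key case, no % interpolation.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str
    cp.read_string(text)
    return cp

def check_proxy_sso(auth_text, web_text):
    """Return findings for a ProxySSO setup; an empty list means none."""
    auth, web = parse_conf(auth_text), parse_conf(web_text)
    if auth.get("authentication", "authType", fallback="") != "ProxySSO":
        return []
    findings = []
    mode = web.get("settings", "SSOMode", fallback=None)
    # Only an explicit non-strict value is flagged; an unset key is left alone.
    if mode is not None and mode.strip().lower() != "strict":
        findings.append(f"SSOMode={mode.strip()}: ProxySSO requires SSOMode=strict")
    if not web.get("settings", "trustedIP", fallback="").strip():
        findings.append("trustedIP is empty: no proxy address is trusted")
    return findings

def roles_for_groups(auth_text, header_value):
    """Roles whose [roleMap_proxySSO] group list intersects the header's groups."""
    auth = parse_conf(auth_text)
    section = "roleMap_proxySSO"
    items = auth.items(section) if auth.has_section(section) else []
    groups = {g.strip() for g in header_value.split(",") if g.strip()}
    # Assumption: exact, case-sensitive match; ';' separates groups per role.
    return sorted(role for role, mapped in items
                  if groups & {m.strip() for m in mapped.split(";")})
```
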