Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Admin Other
- :
- Security
- :
- ProxySSO authentication failed to process groups h...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ProxySSO authentication failed to process groups header
Hello,
I'm trying to configure Proxy SSO authentication, with PingAccess, for Splunk Enterprise v7.2.5.1.
But whatever I try and configure on Splunk side, I obtain this message in the splunkd logs :
DEBUG UiAuth - Value of header returned=<user id>
INFO UiAuth - ProxySSO authType not configured, no groups header processing
ERROR UiAuth - user=<user id> action=login status=failure reason=sso-failed useragent="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.91 Safari/537.36" clientip=<proxy sso ip>
Here is my authentication.conf file:
[authentication]
authType = ProxySSO
[roleMap_proxySSO]
user_0 = P_SPLUNK_CONSULT-DATA-ALL_PUBLIC
user_1 = P_SPLUNK_CONSULT-DATA-IT_INTERNE
user_2 = P_SPLUNK_CONSULT-DATA-IT_CONFIDENT
admin = pg_splunk
And my web.conf file:
[settings]
SSOMode = permissive
trustedIP = 127.0.0.1,<proxy sso ip>
remoteUser = REMOTE_USER
remoteGroups = REMOTE_GROUPS
remoteGroupsQuoted = false
allowSsoWithoutChangingServerConf = 1
enableSplunkWebSSL = 0
enableWebDebug = true
The SSO debug page looks well, but the line "Value of REMOTE_GROUPS" remains empty (the user is ok).
And at the bottom of the page, in the "other http headers", there is the header "REMOTE_GROUPS" which contains the right list of groups, separated by commas, without quotes.
According to the groups list and the group mapping rules, the user should obtain the first 3 roles (user_0, user_1, user_2).
What did I miss ??
Christophe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ERROR UserManagerPro - Error initializing authentication - ProxySSO authType allowed only with SSOMode=strict in web.conf.
Problem solved ...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Small update:
I added a default role in authentication.conf:
[authentication]
authSettings = my_proxy
authType = ProxySSO
[my_proxy]
defaultRoleIfMissing = user
And the behaviour is the same, I receive an "unauthorized" error, even with the "defaultRoleIfMissing" configuration !
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Announcing Modern Navigation: A New Era of Splunk User Experience
Modernize your Splunk Apps – Introducing Python 3.13 in Splunk
Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...
