Security

SSO Debug URL throws 500 Internal Server Error

jchapman_atomic
Explorer

Hello,

This is a new setup that I'm trying to get SSO working for.
We are currently on a trial license (will purchase in the next couple of weeks). License is still valid.
I'm Running Splunk 4.3.2 build 123586 on CentOS release 6.2

I have read everything at http://docs.splunk.com/Documentation/Splunk/latest/Admin/Usesinglesign-onwithSplunk and edited my server.conf and web.conf files appropriately.

When I try to debug by going to this url, http://:8000/en-US/debug/sso

I immediately get the following error (this happens in all browsers):

500 Internal Server Error

Return to Splunk home page

gaierror: [Errno -2] Name or service not known

You are using :8000, which is connected to splunkd @123586 at https://127.0.0.1:8089 on Thu May 31 09:11:42 2012.


I can also trace this back to a 500 on the splunk web server log:
- admin [31/May/2012:08:56:01.607 -0500] "GET /en-US/debug/sso HTTP/1.1" 500 2592 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.52 Safari/536.5" - 4fc778719b7f9a600a86d0 2447ms

Can anyone give me some guidance on this? I'm running out of ideas.. Am I missing something stupid?

Thanks

-Joe

Tags (4)
0 Karma
1 Solution

jchapman_atomic
Explorer

In case anyone else runs into this error... Here's what happened:
I turned on debug and tail'd the corresponding log:

tail -f /opt/splunk/var/log/splunk/web_service.log

2012-06-06 16:30:15,740 INFO    [4fcfcbe55e7fdb8c085a50] _cplogging:55 - [06/Jun/2012:16:30:15] HTTP 
Request Headers:
  COOKIE: session_id_8000=1664104031a3735fc65f445ecacfb5572235fb81; session_id_80=2e8e9f588b3a1cf3b9611be8264d15eae8238a31
  HOST: 10.45.15.90
  ACCEPT: text/html, application/xhtml+xml, */*
  USER-AGENT: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
  CONNECTION: Keep-Alive
  Remote-Addr: 10.45.8.12
  ACCEPT-LANGUAGE: en-US
  ACCEPT-ENCODING: gzip, deflate
2012-06-06 16:30:15,740 DEBUG   [4fcfcbe55e7fdb8c085a50] _cplogging:55 - [06/Jun/2012:16:30:15] HTTP Traceback (most recent call last):
  File "/opt/splunk/lib/python2.7/site-packages/cherrypy/_cprequest.py", line 606, in respond
    cherrypy.response.body = self.handler()
  File "/opt/splunk/lib/python2.7/site-packages/cherrypy/_cpdispatch.py", line 25, in __call__
    return self.callable(*self.args, **self.kwargs)
  File "<string>", line 1, in <lambda>
  File "/opt/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/lib/decorators.py", line 38, in rundecs
    return fn(*a, **kw)
  File "<string>", line 1, in <lambda>
  File "/opt/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/lib/decorators.py", line 105, in check
    return fn(self, *a, **kw)
  File "<string>", line 1, in <lambda>
  File "/opt/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/lib/decorators.py", line 154, in validate_ip
    return fn(self, *a, **kw)
  File "<string>", line 1, in <lambda>
  File "/opt/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/lib/decorators.py", line 353, in handle_exceptions
    return fn(self, *a, **kw)
  File "/opt/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/controllers/debug.py", line 299, in sso
    'host_ip': socket.gethostbyname(socket.gethostname()),
gaierror: [Errno -2] Name or service not known

Notice where it dies. my host name for this server wasn't in DNS (nor did I want it to be) so i just put the a host entry for it in /etc/hosts and all was solved!
what a pain for such a simple fix 🙂

View solution in original post

0 Karma

jchapman_atomic
Explorer

In case anyone else runs into this error... Here's what happened:
I turned on debug and tail'd the corresponding log:

tail -f /opt/splunk/var/log/splunk/web_service.log

2012-06-06 16:30:15,740 INFO    [4fcfcbe55e7fdb8c085a50] _cplogging:55 - [06/Jun/2012:16:30:15] HTTP 
Request Headers:
  COOKIE: session_id_8000=1664104031a3735fc65f445ecacfb5572235fb81; session_id_80=2e8e9f588b3a1cf3b9611be8264d15eae8238a31
  HOST: 10.45.15.90
  ACCEPT: text/html, application/xhtml+xml, */*
  USER-AGENT: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
  CONNECTION: Keep-Alive
  Remote-Addr: 10.45.8.12
  ACCEPT-LANGUAGE: en-US
  ACCEPT-ENCODING: gzip, deflate
2012-06-06 16:30:15,740 DEBUG   [4fcfcbe55e7fdb8c085a50] _cplogging:55 - [06/Jun/2012:16:30:15] HTTP Traceback (most recent call last):
  File "/opt/splunk/lib/python2.7/site-packages/cherrypy/_cprequest.py", line 606, in respond
    cherrypy.response.body = self.handler()
  File "/opt/splunk/lib/python2.7/site-packages/cherrypy/_cpdispatch.py", line 25, in __call__
    return self.callable(*self.args, **self.kwargs)
  File "<string>", line 1, in <lambda>
  File "/opt/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/lib/decorators.py", line 38, in rundecs
    return fn(*a, **kw)
  File "<string>", line 1, in <lambda>
  File "/opt/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/lib/decorators.py", line 105, in check
    return fn(self, *a, **kw)
  File "<string>", line 1, in <lambda>
  File "/opt/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/lib/decorators.py", line 154, in validate_ip
    return fn(self, *a, **kw)
  File "<string>", line 1, in <lambda>
  File "/opt/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/lib/decorators.py", line 353, in handle_exceptions
    return fn(self, *a, **kw)
  File "/opt/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/controllers/debug.py", line 299, in sso
    'host_ip': socket.gethostbyname(socket.gethostname()),
gaierror: [Errno -2] Name or service not known

Notice where it dies. my host name for this server wasn't in DNS (nor did I want it to be) so i just put the a host entry for it in /etc/hosts and all was solved!
what a pain for such a simple fix 🙂

0 Karma

vitalybe
Engager

It is worth mentioning that the pretty HTTP-header response you see is only available in CherryPy before an error response. I spent a lot of time trying to make Splunk a pretty raw HTTP request like that.

0 Karma

jchapman_atomic
Explorer

Anyone have any ideas?
Thanks
-Joe

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...