One issue users may be facing is:
The proxy is not able to timeout due to the dashboard pinging the search jobs every 3 minutes or so.
Solution is to listen for the ui inactivity timeout and cancel the jobs once we have reached the ui inactivity timeout to allow the proxy to timeout.
There are two options
1. Edit their existing HTML dashboards to require 'helpers/Session’ and for each search job listen for Session timeout and cancel the jobs as shown below.
require([
"splunkjs/mvc",
"splunkjs/mvc/utils",
"splunkjs/mvc/tokenutils",
"underscore",
"jquery",
"splunkjs/mvc/simplexml",
"splunkjs/mvc/headerview",
"splunkjs/mvc/footerview",
"splunkjs/mvc/simplexml/dashboardview",
"splunkjs/mvc/simplexml/dashboard/panelref",
"splunkjs/mvc/simplexml/element/chart",
"splunkjs/mvc/simplexml/element/event",
"splunkjs/mvc/simplexml/element/html",
"splunkjs/mvc/simplexml/element/list",
"splunkjs/mvc/simplexml/element/map",
"splunkjs/mvc/simplexml/element/single",
"splunkjs/mvc/simplexml/element/table",
"splunkjs/mvc/simpleform/formutils",
"splunkjs/mvc/simplexml/eventhandler",
"splunkjs/mvc/simpleform/input/dropdown",
"splunkjs/mvc/simpleform/input/radiogroup",
"splunkjs/mvc/simpleform/input/multiselect",
"splunkjs/mvc/simpleform/input/checkboxgroup",
"splunkjs/mvc/simpleform/input/text",
"splunkjs/mvc/simpleform/input/timerange",
"splunkjs/mvc/simpleform/input/submit",
"splunkjs/mvc/searchmanager",
"splunkjs/mvc/savedsearchmanager",
"splunkjs/mvc/postprocessmanager",
"splunkjs/mvc/simplexml/urltokenmodel",
'helpers/Session'
// Add comma-separated libraries and modules manually here, for example:
// ..."splunkjs/mvc/simplexml/urltokenmodel",
// "splunkjs/mvc/checkboxview"
],
function(
mvc,
utils,
TokenUtils,
_,
$,
DashboardController,
HeaderView,
FooterView,
Dashboard,
PanelRef,
ChartElement,
EventElement,
HtmlElement,
ListElement,
MapElement,
SingleElement,
TableElement,
FormUtils,
EventHandler,
DropdownInput,
RadioGroupInput,
MultiSelectInput,
CheckboxGroupInput,
TextInput,
TimeRangeInput,
SubmitButton,
SearchManager,
SavedSearchManager,
PostProcessManager,
UrlTokenModel,
Session
search1.on('search:done', function() {
Session.on('timeout', function ()
{ search1.cancel(); }
, this);
});
Use the cancel_search_managers.js script pasted below and this script will iterate over all search jobs and cancel them once ui inactivity timeout has been reached in order to allow the proxy to timeout.
To use this script you will need to include this script in the appserver/static directory for all of the apps they want searches to be cancelled on timeout. You would include the file in etc/apps/app
/appserver/static/
require([
'splunkjs/mvc/searchmanager',
'splunkjs/mvc',
'helpers/Session',
'underscore',
'splunkjs/mvc/simplexml/ready!'],function(
SearchManager,
mvc,
Session,
_
){
Session.on('timeout', function () {
_(splunkjs.mvc.Components.toJSON()).chain().filter(
function(cmp) {
return cmp instanceof SearchManager;
}
).each(
function(mgr){
mgr.cancel();
}
);
}, this);
});
Next update the simple xml dashboards and add the script attribute to the form or dashboard element. for example:
<form script="cancel_search_managers.js">
Hello Yoho,
As splunk documentation mentions about session management in SSO the user session will not be over by default.
Session management:
Since there is no simple log out for a session and Splunk will preserve a session as long as the correct header information is contained in the proxy header, you should set your proxy's session timeout value with this in mind.
Keep in mind it will not redirect you to login page OR if it does you not be able to use any credential as it's SSO , you are already authenticated through LDAP.
If you have any problem with the web, Just close the browser and re-open. Splunk will create a new session if there isn't one existing for the same IP/USER. Thanks, hope it helps.
Yes it should do the logout from splunk side as well what i can think of, because we are cancelling the current sessionid. I am not sure of it fully but, as Splunk suggests you can end an session forcibly through REST ,your question may be correct.
Please see the document for more clarity:
http://docs.splunk.com/Documentation/Splunk/latest/Security/ConfigureSplunkSSO
Thanks.
So does it mean proxy timeout should be lower than (or equal to) Splunk's one to avoid getting the splunk login page ?
Am I correct to say the second sentence in the doc suggests the proxy should log out the user on splunk side when it's logged out on the proxy side (either by timeout or by logging out deliberately) ?