Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

SSO, trustedIP and IPv6

lrhazi
Path Finder
‎11-08-2011 12:49 PM

On RedHat 6, I found that my SSO config would not work, with Apache on localhost acting as proxy.

The debug page would shoo:

Incoming request IP received by splunkweb ::1
Is the incoming request IP in splunkweb's list of trustedIPs? No. SSO will not be used to authenticate this request.

My trustedIP was set to: 127.0.0.1

I tried setting to: 127.0.0.1, ::1, but it did not seem to work.

After disabling IPv6, and rebooting the box, it started working, as the client now is 127.0.0.1.

Is there a different syntax for specifying a trustedIP if ::1 ?

Tags (2)
Reply

ithangasamy_spl
Splunk Employee
Splunk Employee
‎03-04-2014 10:45 PM

This is known to work in Splunk 5+. Please refer the attached image alt text
Both in the server.conf and web.conf for the trustedIP property you need to set
trustedIP=::1 NOT trustedIP=[::1] , if you do you would likely see following error in the splunkd.log

-04-2014 21:58:31.362 -0800 ERROR HTTPRestLogin - SSO failed - Given IP '::1' does not match trusted IP '[::1]'

0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...