Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

SSO with Apache proxy server and when redirected to Splunk login page from proxy, it only shows "Loading..."

Ellen
Splunk Employee
Splunk Employee
‎06-10-2014 11:17 AM

I have enabled SSO login to Splunk utilizing SAML. SSO authentication is successful.
Going to: https://splunkserver/debug/sso I see the following:

Yes. SSO will be used to authenticate this request.
AND value of X-Remote_user is the userid.

However when I am redirected to the Splunk login page from the proxy, the screen sits on:

splunk> Loading...

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

Ellen
Splunk Employee
Splunk Employee
‎06-10-2014 11:18 AM

In this case, the issue is related to the root_endpoint attribute in $SPLUNK_HOME/etc/system/local/web.conf was left at the default of "/"

This attribute needs to be customized to your environment as mentioned in
the following blog: http://indirat.wordpress.com/tag/splunk-sso/

This property defines the context for the Splunk Web, by default it is same as root context of the proxy and Splunk app server. Customers can use this property to redefine the root context of the web/app server to some thing else.
For instance:

root_endpoint=/lzone

in the web.conf file under settings stanza. With this settings SplunkWeb will be accessed via http://splunk.example.com:8000/lzone instead of http://splunk.example.com:8000/ . To make the proxy aware of this, you have to map it accordingly in the httpd.conf. Some thing like

ProxyPass /lzone http://splunkweb.splunk.com:8000/lzone
ProxyPassReverse /lzone http://splunkweb.splunk.com:8000/lzone

View solution in original post

Reply
Solved! Jump to solution
Solution

Ellen
Splunk Employee
Splunk Employee
‎06-10-2014 11:18 AM

In this case, the issue is related to the root_endpoint attribute in $SPLUNK_HOME/etc/system/local/web.conf was left at the default of "/"

This attribute needs to be customized to your environment as mentioned in
the following blog: http://indirat.wordpress.com/tag/splunk-sso/

This property defines the context for the Splunk Web, by default it is same as root context of the proxy and Splunk app server. Customers can use this property to redefine the root context of the web/app server to some thing else.
For instance:

root_endpoint=/lzone

in the web.conf file under settings stanza. With this settings SplunkWeb will be accessed via http://splunk.example.com:8000/lzone instead of http://splunk.example.com:8000/ . To make the proxy aware of this, you have to map it accordingly in the httpd.conf. Some thing like

ProxyPass /lzone http://splunkweb.splunk.com:8000/lzone
ProxyPassReverse /lzone http://splunkweb.splunk.com:8000/lzone

Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...