I have enabled SSO login to Splunk utilizing SAML. SSO authentication is successful.
Going to: https://splunkserver/debug/sso I see the following:
Yes. SSO will be used to authenticate this request.
AND value of X-Remote_user is the userid.
However when I am redirected to the Splunk login page from the proxy, the screen sits on:
In this case, the issue is related to the rootendpoint attribute in $SPLUNKHOME/etc/system/local/web.conf was left at the default of "/"
This attribute needs to be customized to your environment as mentioned in
the following blog: http://indirat.wordpress.com/tag/splunk-sso/
This property defines the context for the Splunk Web, by default it is same as root context of the proxy and Splunk app server. Customers can use this property to redefine the root context of the web/app server to some thing else.
in the web.conf file under settings stanza. With this settings SplunkWeb will be accessed via http://splunk.example.com:8000/lzone instead of http://splunk.example.com:8000/ . To make the proxy aware of this, you have to map it accordingly in the httpd.conf. Some thing like
ProxyPass /lzone http://splunkweb.splunk.com:8000/lzone
ProxyPassReverse /lzone http://splunkweb.splunk.com:8000/lzone
View solution in original post