Been running splunk behind an apache proxy with NTLM for awhile. (Same host).
Today, I decided to move the apache proxy to a different server, and use SAML2.0 as the authentication method.
As fast as /debug/sso goes, this was a no-hiccup change.
As far as the actual web interface goes, it tells me:
Could not authenticate user via SSO.
Please confirm the user set in the
http header via your SSO module has a
matching splunk account with the same
I verified the usernames, which now uses userprinciplename, instead of samaccount.
I can log in using :8000 fine.
Are there some other logs I can get into to help me diagnose this further?
The debug page is perfect.
Is the incoming request IP in
splunkweb's list of trustedIPs? Yes.
SSO will be used to authenticate this
Remote User HTTP Header REMOTE-USER
Value of REMOTE-USER
I noticed on the screen, splunk gives me a little help: User: UNKNOWN_USER
But I can clearly see my named user in the user list. I wonder why they are not matching.
I'm getting the same behavior in 6.0.3. The debug page looks like everything is working, but I get the above error page, which says that the user is UNKNOWN_USER.
I'm getting the same question.The /debug/sso page looks OK.
I got some log in web_service.log
2015-06-24 09:46:44,231 ERROR [558b5d84381ca48350] auth:59 - getSessionKey - unable to login; check credentials
2015-06-24 09:46:44,232 WARNING [558b5d84381ca48350] decorators:207 - Could not authenticate user zillionlee via SSO. Does zillionlee have a matching splunk account with the same username?
But I have a user zillionlee in splunk.I have no idea.