I'm trying to authenticate with our SSO solution and I can get as far as trying to get a sessionKey from the trustedlogin service but I always get a Login failed for a response. Thus, my SSO user is being brought to the login screen.
The user does indeed exist in splunk.
Is this normal behavior or did I miss something? I had thought that if splunk received the REMOTE_USER and considered it "trusted", it would create a sessionkey and let them move past the login screen.
Have you tried the splunk-server/debug/sso URL?
It should say in the second table that "Yes. SSO will be used to authenticate this request". If not, tinker with trustedIP settings. That has usually been my problem.