Security
Highlighted

Why am I no longer able to access SSO and Echo debug pages with 403 errors in Splunk 6.3?

Path Finder

I've confirmed using an out-of-box install that I'm no longer able to access these pages:

How do I enable these pages?

Highlighted

Re: Why am I no longer able to access SSO and Echo debug pages with 403 errors in Splunk 6.3?

Engager

Yeah, we're working on our 6.3 upgrade and SSO isn't functional, and we have no ability to debug why. Very, very frustrating.

0 Karma
Highlighted

Re: Why am I no longer able to access SSO and Echo debug pages with 403 errors in Splunk 6.3?

Path Finder

Right, 6.3 doesn't appear to break SSO itself, but I heavily rely on this page for testing/confirming it.

0 Karma
Highlighted

Re: Why am I no longer able to access SSO and Echo debug pages with 403 errors in Splunk 6.3?

In order to access this end point, two things must be in place. First, the role that is accessing this end point must have the following capability:

[capability::web_debug]

This is configured in authorize.conf and the admin role has this by default. The second requirement, which was introduced in 6.3, in web.conf the following setting must be set to true:

enableWebDebug = true|false
- Controls the visibility of the debug endpoints (i.e., /debug/
splat).
- Defaults to false

If you browse to http://localhost:8000/en-US/info/ you will find the Development Services page where it will describe this new access requirement.
It is my understanding that this change was introduced for security purposes.

Jacob
Sr. Technical Support Engineer

View solution in original post

Highlighted

Re: Why am I no longer able to access SSO and Echo debug pages with 403 errors in Splunk 6.3?

Path Finder

This worked, thank you!

Updating enableWebDebug = true in web.conf is all that is needed to expose the /debug/sso and /debug/echo endpoints, and updating the role with the webdebug capability in authorize.conf only applies to some of the debug endpoints (e.g. /debug/refresh and /bump, according to the info page that you cited).

0 Karma
Highlighted

Re: Why am I no longer able to access SSO and Echo debug pages with 403 errors in Splunk 6.3?

Ultra Champion
0 Karma
Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.