Splunk Enterprise

Splunk Secure Gateway connection error

joshiro
Communicator

We are having a connection issue on Splunk Enterprise 8.2.6 on-prem with Splunk Secure Gateway 2.7.4. According to the firewall rules, outbound connections on port 443 to the host prod.spacebridge.spl.mobi are allowed.

We verified the connection using the troubleshooting guide in the documentation by running:

curl https://prod.spacebridge.spl.mobi/health_check

We also tried the test for the wss connection and got the correct response:

curl -i -N -H "Connection: Upgrade" -H "Upgrade: websocket" -H "Host: echo.websocket.events" -H "Origin: https://echo.websocket.events" -H "Sec-WebSocket-Key: d3d3LnNwbHVuay5jb20=" -H "Sec-WebSocket-Version: 13" https://echo.websocket.events


When we run the following REST command:

 

| rest "services/ssg/test_websocket" request_type="{\"versionGetRequest\": {}}" request_mode=clientSingleRequest

 

 

We get this output:

 

auth_code_status = 200
completed_client_registration = 0
error = 'token_id'
server_registration_status = 400
splunk_server = server
wss_response = 0

 


The error traceback in _internal is:

 

2022-05-09 11:22:58,148 ERROR [rest_base] [__init__] [exception] [4772] Spacebridge error
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/splunk_secure_gateway/bin/spacebridgeapp/rest/util/helper.py", line 13, in extract_parameter
    result = obj[key]
KeyError: 'self_register'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/splunk_secure_gateway/bin/spacebridgeapp/rest/base_endpoint.py", line 53, in handle
    res = self.handle_request(request)
  File "/opt/splunk/etc/apps/splunk_secure_gateway/bin/spacebridgeapp/rest/base_endpoint.py", line 86, in handle_request
    return self.post(request)
  File "/opt/splunk/etc/apps/splunk_secure_gateway/bin/spacebridgeapp/rest/registration/saml_registration_handler.py", line 70, in post
    self_register = extract_parameter(request['query'], SELF_REGISTER_LABEL, QUERY_LABEL)
  File "/opt/splunk/etc/apps/splunk_secure_gateway/bin/spacebridgeapp/rest/util/helper.py", line 15, in extract_parameter
    raise Errors.SpacebridgeRestError('Error: Request requires %s parameter "%s"' % (source_name, key), 400)
spacebridgeapp.rest.util.errors.SpacebridgeRestError: Error: Request requires query parameter "self_register"

 


Any ideas on how to solve this issue, or how to continue the troubleshooting?

0 Karma

marcoscala
Builder

Hi Joshiro, how did you solve the issue? I'm facing the same problem connecting to Spacebridge to configure Splunk Edge Hub.

 

Marco

0 Karma

joshiro
Communicator

Hi Marco, I don't really remember what the problem was, nor the solution.
We are currently working with Splunk Edge Hub on Splunk 9.2.0.1 and we have had no problems with the device registration.

What I do remember about the time when we implemented the SSG for mobile use is that there was a problem with cert inspection on the firewall: it changed something on the cert itself, and it was no longer recognized as a valid one for the SSG.

Regards.

0 Karma
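
One way to check for the firewall cert inspection mentioned in the last reply, as an added example that is not part of the original posts or of Splunk's code: compare the `openssl s_client` output taken on the Splunk host with the same capture from a network that is not inspected. Both captures, the CA names in them, and the function names are constructed for illustration, and the check assumes openssl's default trust store, which may differ from the one SSG uses.

```python
import re

# Constructed samples (not real captures) of the output of
#   openssl s_client -connect prod.spacebridge.spl.mobi:443 \
#       -servername prod.spacebridge.spl.mobi </dev/null
# INSIDE: run on the Splunk host. OUTSIDE: run from a network with no TLS inspection.
INSIDE = """\
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = prod.spacebridge.spl.mobi
   i:O = Example Corp, CN = Example Firewall Inspection CA
---
subject=CN = prod.spacebridge.spl.mobi
issuer=O = Example Corp, CN = Example Firewall Inspection CA
---
    Verify return code: 19 (self signed certificate in certificate chain)
"""
OUTSIDE = """\
CONNECTED(00000003)
---
subject=CN = prod.spacebridge.spl.mobi
issuer=C = US, O = Example Public CA, CN = Example Public CA R1
---
    Verify return code: 0 (ok)
"""

def parse_s_client(text):
    """Return the leaf issuer and verify result from `openssl s_client` output."""
    issuer = re.search(r"^issuer=\s*(.+?)\s*$", text, re.M)
    verify = re.search(r"Verify return code:\s*(\d+)\s*\((.*?)\)", text)
    return {
        # OpenSSL versions differ in spacing around "=" and ",", so normalise it.
        "issuer": re.sub(r"\s*([=,])\s*", r"\1", issuer.group(1)) if issuer else None,
        "verify_code": int(verify.group(1)) if verify else None,
        "verify_text": verify.group(2) if verify else None,
    }

def findings(inside, outside):
    """List the signs that the Splunk host sees a re-signed certificate."""
    a, b = parse_s_client(inside), parse_s_client(outside)
    if a["issuer"] is None or a["verify_code"] is None:
        return ["no certificate or verify result in the Splunk host capture"]
    out = []
    if b["issuer"] and a["issuer"] != b["issuer"]:
        out.append(f"issuer differs: {a['issuer']} (host) vs {b['issuer']} (reference)")
    if a["verify_code"] != 0:
        out.append(f"chain not trusted on host: {a['verify_code']} ({a['verify_text']})")
    return out
```

An empty list means the host sees the same issuer as the reference and trusts the chain; a differing issuer points at the inspection device re-signing the connection.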