Just installed Splunk Free on a CentOS VPS. Every time I try to access Splunk Web, I get the following error
Forbidden: Strict SSO Mode View more information about your request (request ID = 5817aa24fe7f6a4818a910) in Search You are using http://myurl:8000, which is connected to splunkd @59c8927def0f at https://127.0.0.1:8089 on Mon Oct 31 20:31:33 2016.
I have had this problem from the beginning. Since then I've changed the following line in web.conf:
SOMode = permissive
And the following in server.conf:
allowRemoteLogin = always
Have played with a couple of other settings to no avail. After making changes, I restart the service.
From a fresh install when running on my local laptop for development and testing, I've had to do the following. I'm connecting to localhost, and suspect you're doing the same?
Add allowRemoteLogin to server.conf [general] section.
Create web.conf and populate with:
[settings] appServerPorts = 0
You are not supposed to edit the files in $SPLUNK_HOME/etc/system/default directly. Copy the settings you want to change to $SPLUNK_HOME/etc/system/local, ie:
$SPLUNK_HOME/etc/splunk/system/local/web.conf [settings] SSOMode = strict allowSsoWithoutChangingServerConf = 0
This should get you back to local auth. I'm not sure why you were playing with the SSO config in the first place (as it's off by default).
I've copied the file to $SPLUNK_HOME/etc/splunk/system/local/web.conf and made suggested changes, but am still seeing the error after reloading the service.
The only reason I was playing around with SSO config is because I've been getting this error since I first started splunk after the first install, and have not yet been able to access the web interface.
I don't see anything in your config that would force SSO. If it was me, since this is a fresh install, I would just uninstall and make sure the old configs are gone and install again to see if I get the same problem.
If you really want to troubleshoot then you can enable http://YourSplunkServer:8000/debug/sso to give you some debugging info.
Hi suarezry, no I am just trying to access the web interface remotely, no proxy and no SSO. This is literally the first time I've installed splunk and so am just trying to access the web interface. web.conf as reqeusted: