We have a Splunk cluster setup configured to use ProxySSO. Our LB is playing role of Proxy server and it passes all the required credentials, group Info, user identity etc. to the Splunk Web through HTTP headers. After getting this information Splunk properly authenticates and displays expected dashboards using appropriate authorization.
The issue comes when user either clicks the Logout option of Splunk OR session timeout happen due to in-activity. The expectation is - Splunk should redirect to the URL as configured in Proxy server but actually the redirection doesn’t work and after logging out the Splunk Login page is displayed. Proxy server URL is configured to property redirectAfterLogoutToUrl under [ssosettings] stanza. But its not working. We want to redirect the user to a separate page but ends up in displaying Splunk Login page.
How to configure this with ProxySSO authentication method?
... View more
Query regarding Patch for "Timestamp recognition of dates with two-digit years fails beginning January 1, 2020" post.
On 25th Nov 2019, the post "https://docs.splunk.com/Documentation/Splunk/latest/ReleaseNotes/FixDatetimexml2020" is asking to patch all Splunk instances instead of "Splunk Cloud, Splunk Enterprise indexer, Splunk Enterprise heavy forwarder, and Splunk Light instances" a day before.
Does this mean that on Splunk enterprise Clustered setup, this file must be patched on Cluster master, SH deployer, License Master, Indexers, Search-heads and all heavy & universal forwarder instances?
just indexers & heavy forwarder instances?
Also, on Splunk Enterprise All-in-one setups, this file must be patched. Correct?
Thanks in advance,
... View more