Hello,

I'm trying to configure Proxy SSO authentication, with PingAccess, for Splunk Enterprise v7.2.5.1.
But whatever I try and configure on Splunk side, I obtain this message in the splunkd logs :

DEBUG UiAuth - Value of header returned=<user id>
INFO UiAuth - ProxySSO authType not configured, no groups header processing
ERROR UiAuth - user=<user id> action=login status=failure reason=sso-failed useragent="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.91 Safari/537.36" clientip=<proxy sso ip>

Here is my authentication.conf file:

[authentication]
authType = ProxySSO

[roleMap_proxySSO]
user_0 = P_SPLUNK_CONSULT-DATA-ALL_PUBLIC
user_1 = P_SPLUNK_CONSULT-DATA-IT_INTERNE
user_2 = P_SPLUNK_CONSULT-DATA-IT_CONFIDENT
admin = pg_splunk

And my web.conf file:

[settings]
SSOMode = permissive
trustedIP = 127.0.0.1,<proxy sso ip>
remoteUser = REMOTE_USER
remoteGroups = REMOTE_GROUPS
remoteGroupsQuoted = false
allowSsoWithoutChangingServerConf = 1
enableSplunkWebSSL = 0
enableWebDebug = true

The SSO debug page looks well, but the line "Value of REMOTE_GROUPS" remains empty (the user is ok).
And at the bottom of the page, in the "other http headers", there is the header "REMOTE_GROUPS" which contains the right list of groups, separated by commas, without quotes.

According to the groups list and the group mapping rules, the user should obtain the first 3 roles (user_0, user_1, user_2).

What did I miss ??

Christophe