Yesterday we ran a stress test on our Splunk implementation. We use LDAP authentication and are currently hosting Splunk in Citrix. One user logged in as himself but noted, after a number of minutes, that the AppBar indicated that he was logged in as a different user. The user access level for both users is set to User and they do not know each other’s passwords. They are also using CAC authentication to get to the portal that is hosting Splunk.
Any ideas how this could happen?
I can't imagine how this could happen on the Splunk server backend, so I'm inclined to think it's related to the hosting or portal. Is this problem reproducible? Does it happen often?
We're hoping to replicate it this afternoon with another test.