Security

Why am I no longer able to access SSO and Echo debug pages with 403 errors in Splunk 6.3?

mkolkebeck
Path Finder

I've confirmed using an out-of-box install that I'm no longer able to access these pages:

How do I enable these pages?

1 Solution

jcrabb_splunk
Splunk Employee
Splunk Employee

In order to access this end point, two things must be in place. First, the role that is accessing this end point must have the following capability:

[capability::web_debug]

This is configured in authorize.conf and the admin role has this by default. The second requirement, which was introduced in 6.3, in web.conf the following setting must be set to true:

enableWebDebug = true|false
- Controls the visibility of the debug endpoints (i.e., /debug/
splat).
- Defaults to false

If you browse to http://localhost:8000/en-US/info/ you will find the Development Services page where it will describe this new access requirement.
It is my understanding that this change was introduced for security purposes.

Jacob
Sr. Technical Support Engineer

View solution in original post

jcrabb_splunk
Splunk Employee
Splunk Employee

In order to access this end point, two things must be in place. First, the role that is accessing this end point must have the following capability:

[capability::web_debug]

This is configured in authorize.conf and the admin role has this by default. The second requirement, which was introduced in 6.3, in web.conf the following setting must be set to true:

enableWebDebug = true|false
- Controls the visibility of the debug endpoints (i.e., /debug/
splat).
- Defaults to false

If you browse to http://localhost:8000/en-US/info/ you will find the Development Services page where it will describe this new access requirement.
It is my understanding that this change was introduced for security purposes.

Jacob
Sr. Technical Support Engineer

mkolkebeck
Path Finder

This worked, thank you!

Updating enableWebDebug = true in web.conf is all that is needed to expose the /debug/sso and /debug/echo endpoints, and updating the role with the web_debug capability in authorize.conf only applies to some of the debug endpoints (e.g. /debug/refresh and /_bump, according to the info page that you cited).

0 Karma

sloshburch
Splunk Employee
Splunk Employee
0 Karma

sullivanmatt
Engager

Yeah, we're working on our 6.3 upgrade and SSO isn't functional, and we have no ability to debug why. Very, very frustrating.

0 Karma

mkolkebeck
Path Finder

Right, 6.3 doesn't appear to break SSO itself, but I heavily rely on this page for testing/confirming it.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...