Splunk Enterprise

Why am I receiving "Forbidden: Strict SSO Mode" error on a fresh install?

shaffi
New Member

Just installed Splunk Free on a CentOS VPS. Every time I try to access Splunk Web, I get the following error

Forbidden: Strict SSO Mode

View more information about your request (request ID = 5817aa24fe7f6a4818a910) in Search 

You are using http://myurl:8000, which is connected to splunkd @59c8927def0f at https://127.0.0.1:8089 on Mon Oct 31 20:31:33 2016.

I have had this problem from the beginning. Since then I've changed the following line in web.conf:

SOMode = permissive

And the following in server.conf:

allowRemoteLogin = always

Have played with a couple of other settings to no avail. After making changes, I restart the service.

Any ideas?

0 Karma

rharrisssi
Path Finder

From a fresh install when running on my local laptop for development and testing, I've had to do the following. I'm connecting to localhost, and suspect you're doing the same?

Add allowRemoteLogin to server.conf [general] section.

[general]
allowRemoteLogin=always

Create web.conf and populate with:

[settings]
appServerPorts = 0
0 Karma

suarezry
Builder

Hi, I was curious to see if you found out what the problem was?

0 Karma

suarezry
Builder

You are not supposed to edit the files in $SPLUNK_HOME/etc/system/default directly. Copy the settings you want to change to $SPLUNK_HOME/etc/system/local, ie:

$SPLUNK_HOME/etc/splunk/system/local/web.conf

[settings]
SSOMode = strict
allowSsoWithoutChangingServerConf = 0

This should get you back to local auth. I'm not sure why you were playing with the SSO config in the first place (as it's off by default).

0 Karma

shaffi
New Member

I've copied the file to $SPLUNK_HOME/etc/splunk/system/local/web.conf and made suggested changes, but am still seeing the error after reloading the service.

The only reason I was playing around with SSO config is because I've been getting this error since I first started splunk after the first install, and have not yet been able to access the web interface.

0 Karma

suarezry
Builder

What's in your server.conf?

0 Karma

shaffi
New Member
0 Karma

suarezry
Builder

I don't see anything in your config that would force SSO. If it was me, since this is a fresh install, I would just uninstall and make sure the old configs are gone and install again to see if I get the same problem.

If you really want to troubleshoot then you can enable http://YourSplunkServer:8000/debug/sso to give you some debugging info.

0 Karma

suarezry
Builder

Are you trying get SSO working with reverse proxy? Is your proxy Apache running on the same host as splunk? Can you post your entire web.conf?

0 Karma

shaffi
New Member

Hi suarezry, no I am just trying to access the web interface remotely, no proxy and no SSO. This is literally the first time I've installed splunk and so am just trying to access the web interface. web.conf as reqeusted:

http://pastebin.com/7cviHLXr

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...