Hello,
I am trying to troubleshoot an SSO issue with "deep" URLs.
SSO is configured with a reverse proxy which handles the CAS authentication via auth_mod_cas on Apache. It usually works.
I noticed that if the session gets stale I can recover by refreshing the home page of my splunk installation.
If, however, I try instead to directly access a deeper url (specific results of a search for instance) I get an empty result page (the splunk chrome is there but the contents are empty). If I then navigate to the home page and come back to my "deeper" URL the results are displayed fine.
This looks like a SSO issue but I fail to pinpoint the root cause -- it might be the reverse proxy (configuration below) but in that case why only some URLs are problematic?
Thank you for any pointers, hopefully this is not a bug but a misconfiguration on my side.
Apache configuration
All instances of "<" or ">" are replaced by respectively "[" and "]" since they are interpreted by the forum engine
[VirtualHost splunk.example.com:80]
ServerName splunk.example.com
DocumentRoot /var/www
CASCookiePath /var/cache/apache2/mod_auth_cas/
CASLoginURL https://cas.example.com/cas/login?gateway=true
CASValidateURL https://cas.example.com/cas/proxyValidate
[Location /]
Authtype CAS
require valid-user
CASAuthNHeader Cas-User
[/Location]
ProxyPreserveHost On
ProxyPass / http://localhost:8000/
ProxyPassReverse / http://localhost:8000/
[/VirtualHost]
splunk's web.conf
SSOMode = strict
trustedIP = 127.0.0.1
remoteUser = Cas-User
server.conf has a trustedIP=127.0.0.1 line