I've configured an Apache server to provide SSO and reverse-proxying for our Splunk installation as per the config below. SSO works as does the reverse-proxy hiding the Splunk instance running on port 8000 behind the /splunk URL.
ProxyPass /splunk http://localhost:8000/splunk
ProxyPassReverse /splunk http://localhost:8000/splunk
<Location /splunk >
# Kerberos Authentication
AuthType Kerberos
AuthName "Kerberos Login"
KrbAuthRealms MYDOMAIN.COM
Krb5KeyTab /etc/krb5.http.keytab
KrbMethodNegotiate on
KrbAuthoritative on
KrbMethodK5Passwd off
KrbLocalUserMapping on
KrbSaveCredentials on
require valid-user
# SSO
RewriteEngine On
RewriteCond %{LA-U:REMOTE_USER} (.+)$
RewriteRule . - [E=RU:%1]
RequestHeader set REMOTE_USER %{RU}e
</Location>
The problem is in the Apache logs I'm getting a LOT of the following error messages.
[client x.x.x.x] Request exceeded the limit of 10 subrequest nesting levels due to probable confguration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://splunk.mydomain.com/splunk/en-GB/debug/sso
I'm not sure whether this problem is related to Splunk or not. Has anyone else seen this and how can I fix the problem?
Try
RewriteRule . - [E=RU:%1,NS]
To make sure the RewriteRule doesn't apply to internal subrequests.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With