Tried opening the "Okta Identity Cloud Add-on for Splunk" from UI to check the configuration and settings, but it keeps showing that it's loading, but it doesn't actually load. I checked the "ta_okta_identity_cloud_for_splunk_okta_identity_cloud.log" file from CLI and here is what it returned.
>>>>>tail -f ta_okta_identity_cloud_for_splunk_okta_identity_cloud.log<<<<<
File "/opt/splunk/etc/apps/TA-Okta_Identity_Cloud_for_Splunk/bin/ta_okta_identity_cloud_for_splunk/solnlib/packages/requests/api.py", line 53, in request
return session.request(method=method, url=url, **kwargs)
File "/opt/splunk/etc/apps/TA-Okta_Identity_Cloud_for_Splunk/bin/ta_okta_identity_cloud_for_splunk/solnlib/packages/requests/sessions.py", line 468, in request
resp = self.send(prep, **send_kwargs)
File "/opt/splunk/etc/apps/TA-Okta_Identity_Cloud_for_Splunk/bin/ta_okta_identity_cloud_for_splunk/solnlib/packages/requests/sessions.py", line 576, in send
r = adapter.send(request, **kwargs)
File "/opt/splunk/etc/apps/TA-Okta_Identity_Cloud_for_Splunk/bin/ta_okta_identity_cloud_for_splunk/solnlib/packages/requests/adapters.py", line 447, in send
raise SSLError(e, request=request)
SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:741)
2021-09-09 11:55:38,725 INFO pid=25100 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2021-09-09 11:55:38,733 ERROR pid=25100 tid=MainThread file=splunk_rest_client.py:request:144 | Failed to issue http request=GET to url=https://127.0.0.1:8089/servicesNS/nobody/TA-Okta_Identity_Cloud_for_Splunk/TA_Okta_Identity_Cloud_fo..., error=Traceback (most recent call last):
File "/opt/splunk/etc/apps/TA-Okta_Identity_Cloud_for_Splunk/bin/ta_okta_identity_cloud_for_splunk/solnlib/splunk_rest_client.py", line 140, in request
verify=verify, proxies=proxies, cert=cert, **kwargs)
File "/opt/splunk/etc/apps/TA-Okta_Identity_Cloud_for_Splunk/bin/ta_okta_identity_cloud_for_splunk/solnlib/packages/requests/api.py", line 53, in request
return session.request(method=method, url=url, **kwargs)
File "/opt/splunk/etc/apps/TA-Okta_Identity_Cloud_for_Splunk/bin/ta_okta_identity_cloud_for_splunk/solnlib/packages/requests/sessions.py", line 468, in request
resp = self.send(prep, **send_kwargs)
File "/opt/splunk/etc/apps/TA-Okta_Identity_Cloud_for_Splunk/bin/ta_okta_identity_cloud_for_splunk/solnlib/packages/requests/sessions.py", line 576, in send
r = adapter.send(request, **kwargs)
File "/opt/splunk/etc/apps/TA-Okta_Identity_Cloud_for_Splunk/bin/ta_okta_identity_cloud_for_splunk/solnlib/packages/requests/adapters.py", line 447, in send
raise SSLError(e, request=request)
SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:741)
Hello @ethicalmk
You could possible try two things,
Please check the firewall rules open between Okta server and Splunk.
Also the Service account which you are creating in the addon has necessary privileges to access Okta logs.
Hope this info helps
Hey,
is it possible that you are running this addon on server with old OS or Splunk software?
Try update your OS and/or Splunk to solve this problem.