Splunk Synthetic Monitoring now supports a suite of authentication protocols beyond Basic Authentication in the Chrome browser, including Basic, NTLM, Kerberos, and Digest. Use the Authentication field to add credentials to authenticate with sites that require additional security protocols, especially from within a corporate network.
By using Concealed Global Variables in the Authentication field, you create an additional layer of security for your credentials and make it easy to share credentials across checks.
Note: The new Authentication field is only available for Real Browser Checks in Chrome. Firefox Checks still support Basic Authentication.
Add credentials to a Real Browser Check using the Authentication field
Follow these steps to use the Authentication field:
- To maximize security, begin by creating Concealed Global Variables to save the credentials you want to use. See Create a Concealed Global Variable to learn more.
- Create or edit an existing Real Browser Check. See How Do I Create a Real Browser Check? to learn more.
- In the Authentication field of your Real Browser Check, reference your new Concealed Global Variable. See Use a Global Variable in a Check to learn how.
Note: You can only enter one set of credentials in the Authentication field, so you can’t use multiple sets of credentials in a given Real Browser Check.
Troubleshoot the migration to the new Authentication field
When Splunk Synthetic Monitoring upgraded Real Browser Checks to the new suite of security protocols, credentials in Basic Authentication fields were securely migrated to Concealed Global Variables and referenced in the new Authentication field. No action is required to continue using these credentials in your Checks.
When was my account migrated to the new Authentication field?
Splunk Synthetic Monitoring has added a system event documenting the migration in the check result graphs of all Real Browser Checks. Use this event to examine the timing and determine whether the migration resulted in any issues with your checks.
What if any of my checks start failing after the migration?
If you encounter problems with the migration, there may be an issue with your server's adherence to the Authentication protocol.
When the browser makes an initial request to the site, the site must respond with the WWW-Authenticate
header and a 401 response code. If the site doesn’t respond correctly, then the browser doesn’t know to send over the credentials and the check fails. This behavior mimics the actual user experience: in cases where the WWW-Authenticate
header is missing from the server, actual users would never be given a dialog from the browser to enter credentials and the page would return an error.
See the Authentication RFC to learn more: https://datatracker.ietf.org/doc/html/rfc7235#section-4.1.
How can I resolve check failures after the migration?
Ideally, you should upgrade your server to ensure it sends back the WWW-Authenticate
header properly. If that is not currently an option, you can manually set a custom Authorization
header on the check.
Add an Authorization
header to an existing check
If an existing check is failing, follow these steps to add a custom Authorization
header:
- In the list of Real Browser Checks, click the check you want to edit.
- In the Performance History panel, click the circle for a past successful run. The Run History page opens in a new tab.
- In the Run History page, scroll to the waterfall chart and click on the first request row to open its Headers tab.
- Scroll to the Request Headers section and copy the value for the Authorization header to your clipboard.
- Scroll to the top of the page and click the Gear icon > Edit to edit the check.
- In the Check Configuration view, click the Advanced tab.
- In the Authentication field, delete the existing key and value.
- In the Custom Headers field, click + Add Custom Header. A new Custom Header field opens.
- In the Name field, type "Authorization".
- In the Value field, paste the value you copied in step 4.
- Save the check.
Add an Authorization
header to a new check
If a new check is failing, you can manually Base64-encode your credentials and provide them in a custom header:
- While you're creating or editing your Real Browser Check, click the Advanced tab.
- Delete the existing key and value in the Authentication field.
- In the Custom Headers field, click + Add Custom Header. A new Custom Header field opens.
- In the Name field, type "Authorization".
- Base64-encode your credentials by doing the following:
- Concatenate your username and password using a colon. For example, if your username is
broomsmaker
and your password isbear123
, typebroomsmaker:bear123
. - Base64-encode the resulting string. You can use https://www.base64encode.org/ to do the encoding. For example:
YnJvb21zbWFrZXI6YmVhcjEyMw==
. - Prepend the string with "Basic: ". For example:
Basic: YnJvb21zbWFrZXI6YmVhcjEyMw==
.
- Concatenate your username and password using a colon. For example, if your username is
- In the Value field, paste the string you created in step 5.
- Save the check.