https://community.splunk.com/t5/Getting-Data-In/Curl-with-negotiate-to-run-a-search/m-p/168695#M34151 <P>To be clear...my fail above was trying to access REST API endpoints not available through the web UI. </P> <P>Not supporting SSO for the REST API seems like a miss to me. Would love to hear peoples thoughts if there are good security reasons for not having it.</P> <P><A href="http://docs.splunk.com/Documentation/Splunk/6.0.1/Security/HowSplunkSSOworks">http://docs.splunk.com/Documentation/Splunk/6.0.1/Security/HowSplunkSSOworks</A></P> <P>"Splunk's SSO implementation supports logging into Splunk via Splunk Web only. Since Splunk SSO relies on cookies to save authentication information, SSO cannot be used for CLI authentication to Splunk. Invoking <A href="https://localhost:8089">https://localhost:8089</A> (or the assigned management port) still requires independent authentication."</P> Thu, 27 Feb 2014 23:28:39 GMT juniormint 2014-02-27T23:28:39Z https://community.splunk.com/t5/Getting-Data-In/Curl-with-negotiate-to-run-a-search/m-p/168694#M34150 <P>I am interacting with a splunk server using apache to do single sign to the Splunk web UI. </P> <P>If I go to the following url in a web browser I get signed on and the page loads; which is great. </P> <PRE><CODE><A href="https://mysplunk.test.com/en-US/app/MyApp/MyDashboard" target="test_blank">https://mysplunk.test.com/en-US/app/MyApp/MyDashboard</A> </CODE></PRE> <P>Using curl I can run something like the following and get my dashboard back; which seems great as well.</P> <PRE><CODE>curl --negotiate --user a:a <A href="https://mysplunk.test.com/en-US/app/MyApp/MyDashboard" target="test_blank">https://mysplunk.test.com/en-US/app/MyApp/MyDashboard</A> </CODE></PRE> <P>I was hoping that the following would also work...but no. Do I just have a simple error, or is this not possible?</P> <PRE><CODE>curl --negotiate -u a:a <A href="https://mysplunk.test.com/servicesNS/admin/search/search/jobs/export" target="test_blank">https://mysplunk.test.com/servicesNS/admin/search/search/jobs/export</A> -d output_mode=json --data-urlencode search="| eventcount summarize=f index=MyApps_* | stats count by index" </CODE></PRE> <P>The response I get is </P> <PRE><CODE>This resource can be found at &lt;a href='https://localhost:8443/en-US/servicesNS/admin/search/search/jobs/export'&gt;https://localhost:8443/en-US/servicesNS/admin/search/search/jobs/export&lt;/a&gt; </CODE></PRE> Thu, 27 Feb 2014 17:23:17 GMT https://community.splunk.com/t5/Getting-Data-In/Curl-with-negotiate-to-run-a-search/m-p/168694#M34150 juniormint 2014-02-27T17:23:17Z https://community.splunk.com/t5/Getting-Data-In/Curl-with-negotiate-to-run-a-search/m-p/168695#M34151 <P>To be clear...my fail above was trying to access REST API endpoints not available through the web UI. </P> <P>Not supporting SSO for the REST API seems like a miss to me. Would love to hear peoples thoughts if there are good security reasons for not having it.</P> <P><A href="http://docs.splunk.com/Documentation/Splunk/6.0.1/Security/HowSplunkSSOworks">http://docs.splunk.com/Documentation/Splunk/6.0.1/Security/HowSplunkSSOworks</A></P> <P>"Splunk's SSO implementation supports logging into Splunk via Splunk Web only. Since Splunk SSO relies on cookies to save authentication information, SSO cannot be used for CLI authentication to Splunk. Invoking <A href="https://localhost:8089">https://localhost:8089</A> (or the assigned management port) still requires independent authentication."</P> Thu, 27 Feb 2014 23:28:39 GMT https://community.splunk.com/t5/Getting-Data-In/Curl-with-negotiate-to-run-a-search/m-p/168695#M34151 juniormint 2014-02-27T23:28:39Z