REST API for local user not working through SHC lo...

att35 · ‎01-11-2024

Hi all,

I am trying to authenticate a user against REST API but when testing via CURL, it is failing when using LB URL(F5). User has replicated across all SHC members and can login via UI.

# curl -k https://Splunk-LB-URL:8089/services/auth/login -d username=user -d password='password'
<?xml version="1.0" encoding="UTF-8"?>
<response>
  <messages>
    <msg type="WARN" code="incorrect_username_or_password">Login failed</msg>
  </messages>
</response>

But when I try this same against the SH member directly, it works.

# curl -k https://Splunk-SearchHead:8089/services/auth/login -d username=user -d password='password'
 <response>
<sessionKey>gULiq_E7abGyEchXyw7rxzwi83Fhdh8gIGjPGBouFUd37GuXF</sessionKey>
  <messages>
    <msg code=""></msg>
  </messages>
</response>

Initially I thought it could be something on the LB side but then for "admin" user, LB URL works just fine.

# curl -k https://Splunk-LB-URL:8089/services/auth/login -d username=admin -d password='password'
 <response>
<sessionKey>gULiq_E7abGyEchXyw7rxzwi83Fhdh8gIGjPGBouFUd37GuXF</sessionKey>
  <messages>
    <msg code=""></msg>
  </messages>
</response>

Has anyone come across issue like this? Why would admin work fine on LB but a new local user works only against direct SH and not via load balancer?

REST API for local user not working through SHC load balancer URL

search head

search head clustering

What’s New in Splunk Enterprise 9.4: Tools for Digital Resilience

Get Schooled with Splunk Education: Explore Our Latest Courses

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL