REST API for local user not working through SHC lo...

att35 · ‎01-11-2024

Hi all,

I am trying to authenticate a user against REST API but when testing via CURL, it is failing when using LB URL(F5). User has replicated across all SHC members and can login via UI.

# curl -k https://Splunk-LB-URL:8089/services/auth/login -d username=user -d password='password'
<?xml version="1.0" encoding="UTF-8"?>
<response>
  <messages>
    <msg type="WARN" code="incorrect_username_or_password">Login failed</msg>
  </messages>
</response>

But when I try this same against the SH member directly, it works.

# curl -k https://Splunk-SearchHead:8089/services/auth/login -d username=user -d password='password'
 <response>
<sessionKey>gULiq_E7abGyEchXyw7rxzwi83Fhdh8gIGjPGBouFUd37GuXF</sessionKey>
  <messages>
    <msg code=""></msg>
  </messages>
</response>

Initially I thought it could be something on the LB side but then for "admin" user, LB URL works just fine.

# curl -k https://Splunk-LB-URL:8089/services/auth/login -d username=admin -d password='password'
 <response>
<sessionKey>gULiq_E7abGyEchXyw7rxzwi83Fhdh8gIGjPGBouFUd37GuXF</sessionKey>
  <messages>
    <msg code=""></msg>
  </messages>
</response>

Has anyone come across issue like this? Why would admin work fine on LB but a new local user works only against direct SH and not via load balancer?

REST API for local user not working through SHC load balancer URL

search head

search head clustering

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Stay Connected: Your Guide to October Tech Talks, Office Hours, and Webinars!

Are you a member of the Splunk Community?