REST API for local user not working through SHC lo...

att35 · ‎01-11-2024

Hi all,

I am trying to authenticate a user against REST API but when testing via CURL, it is failing when using LB URL(F5). User has replicated across all SHC members and can login via UI.

# curl -k https://Splunk-LB-URL:8089/services/auth/login -d username=user -d password='password'
<?xml version="1.0" encoding="UTF-8"?>
<response>
  <messages>
    <msg type="WARN" code="incorrect_username_or_password">Login failed</msg>
  </messages>
</response>

But when I try this same against the SH member directly, it works.

# curl -k https://Splunk-SearchHead:8089/services/auth/login -d username=user -d password='password'
 <response>
<sessionKey>gULiq_E7abGyEchXyw7rxzwi83Fhdh8gIGjPGBouFUd37GuXF</sessionKey>
  <messages>
    <msg code=""></msg>
  </messages>
</response>

Initially I thought it could be something on the LB side but then for "admin" user, LB URL works just fine.

# curl -k https://Splunk-LB-URL:8089/services/auth/login -d username=admin -d password='password'
 <response>
<sessionKey>gULiq_E7abGyEchXyw7rxzwi83Fhdh8gIGjPGBouFUd37GuXF</sessionKey>
  <messages>
    <msg code=""></msg>
  </messages>
</response>

Has anyone come across issue like this? Why would admin work fine on LB but a new local user works only against direct SH and not via load balancer?

REST API for local user not working through SHC load balancer URL

search head

search head clustering

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

AppDynamics is now part of Splunk Ideas

Advanced Splunk Data Management Strategies