There is a button in the GUI which triggers a reload of authentication configuration (see screenshot below). Is there a way to trigger a reload programmatically? Maybe via the REST API?
./splunk reload auth
... per Securing Splunk Enterprise > Edit authentication.conf. (Other answers include the command but not the corresponding Splunk LB article.)
This seems to work and is available through the management port.
curl -k -u admin:changeme https://splunkserver:8089/services/authentication/providers/services/_reload
This worked great! BTW, here's a much easier way of doing it across all accessible search peer instances (e.g. via a central DMC system) via search:
| rest splunk_server=* /services/authentication/providers/services/_reload
Note: It won't return any results, but it will work for those distributed search peers that are accessible.
And a way to check if it worked:
| rest splunk_server=* /services/authentication/users
figured it out...answer below
Is there a management port rest endpoint for refreshing?
Hi juniormint,
don't look too far, good things are so close 😉
You can use this simple Splunk command to do this:
./splunk _internal call /authentication/providers/services/_reload -auth
Result will look like this:
QUERYING: 'https://127.0.0.1:8089/services/authentication/providers/services/_reload'
Your session is invalid. Please login.
Splunk username:
Password:
HTTP Status: 200.
Content:
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xml" href="/static/atom.xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
<title>auth-services</title>
<id>https://127.0.0.1:8089/services/authentication/providers/services</id>
<updated>2014-04-02T08:39:45+02:00</updated>
<generator build="163460" version="5.0.3"/>
<author>
<name>Splunk</name>
</author>
<link href="/services/authentication/providers/services/_reload" rel="_reload"/>
<opensearch:totalResults>0</opensearch:totalResults>
<opensearch:itemsPerPage>30</opensearch:itemsPerPage>
<opensearch:startIndex>0</opensearch:startIndex>
<s:messages/>
</feed>
Done 🙂
If you set up a cron job or a script, you can fire it whenever you need/want to.
hope this helps ...
cheers, MuS
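As an added example (not code from this thread or from Splunk), here is the management-port reload from the answers above as a script suitable for cron: it verifies the server certificate instead of using `curl -k`, takes the password from the environment rather than the command line, and checks the returned feed instead of assuming success. The environment variable names and the rule that any entry under `<s:messages>` counts as a problem are assumptions.

```python
import base64
import os
import ssl
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

RELOAD_PATH = "/services/authentication/providers/services/_reload"
NS = {"atom": "http://www.w3.org/2005/Atom", "s": "http://dev.splunk.com/ns/rest"}
# Trimmed copy of the successful response shown in the thread, for offline checks.
SAMPLE_OK = (b'<feed xmlns="http://www.w3.org/2005/Atom" '
             b'xmlns:s="http://dev.splunk.com/ns/rest">'
             b'<title>auth-services</title><s:messages/></feed>')

def reload_problems(status, body):
    """Return reasons the reload response should not be trusted (empty list = OK)."""
    if status != 200:
        return [f"HTTP status {status}"]
    try:
        feed = ET.fromstring(body)
    except ET.ParseError as exc:
        return [f"response is not XML: {exc}"]
    problems = []
    if feed.findtext("atom:title", default="", namespaces=NS) != "auth-services":
        problems.append("unexpected feed title")
    # The successful response in the thread carries an empty <s:messages/>;
    # assumption: anything inside it deserves a look before calling it success.
    for msg in feed.findall("s:messages/*", NS):
        problems.append(f"{msg.get('type', 'message')}: {(msg.text or '').strip()}")
    return problems

def reload_auth(base_url, user, password, cafile):
    """GET the reload endpoint with certificate verification (no curl -k equivalent)."""
    ctx = ssl.create_default_context(cafile=cafile)
    cred = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(base_url + RELOAD_PATH,
                                 headers={"Authorization": f"Basic {cred}"})
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
            return reload_problems(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return reload_problems(err.code, err.read())

if __name__ == "__main__":
    # Hypothetical environment variable names; the password never appears in argv.
    issues = reload_auth(os.environ["SPLUNK_MGMT_URL"], os.environ["SPLUNK_USER"],
                         os.environ["SPLUNK_PASSWORD"], os.environ["SPLUNK_CA_FILE"])
    print("reload OK" if not issues else "reload FAILED: " + "; ".join(issues))
    raise SystemExit(1 if issues else 0)
```

A certificate or connection failure raises `urllib.error.URLError` and stops the script, so a cron run fails visibly rather than reporting a reload that never reached the server.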
You're welcome. Please tick the tick to mark it as answered
Hi Mus,
I have issues with authentication configurations. Recently I have updated/installed the Splunk license from the Splunk UI and restarted services. After the restart, I have lost the Splunk SAML configuration which I have set to Onelogin. Now I am trying to reload the authentication method but I am not able to redirect login to Onelogin (SSO). I also tried to reconfigure SAML settings with the same values and I am getting "SAML is already configured".
SAML has already been configured. Cannot add a new SAML configuration.saml
Since I found this is a relevant thread on Splunk authentication configuration, I thought to check with you. Your help is appreciated.
-Thanks.
Thanks MuS! This is pretty good. I'm still interested in figuring out what I am doing wrong with my curl command...but your answer looks like it will work for me.
hmmm...seems close. not sure what I am doing wrong.
curl -k -u admin:changeme http://localhost:8000/debug/refresh?entity=admin/auth-services
This resource can be found at <a href='http://localhost:8000/en-US/debug/refresh?entity=admin%2Fauth-services'>http://localhost:8000/en-US/debug/refresh?entity=admin%2Fauth-services</a>.
Try this Rest API endpoint
http(s)://yourserver:8000/en-US/debug/refresh?entity=admin/auth-services
You can use curl or similar tools to launch this.