Getting Data In

How to I trigger reload of authentication configuration programmatically?

Communicator

There is a button in the GUI which triggers a reload of authentication configuration (see screenshot below). Is there a way trigger a reload programmically? Maybe via the REST API?

screen of reload button in web UI

0 Karma
1 Solution

Communicator

This seems to work and is available through the management port.

curl -k -u admin:changeme https://splunkserver:8089/services/authentication/providers/services/_reload

View solution in original post

Contributor
./splunk reload auth

... per Securing Splunk Enterprise > Edit authentication.conf. (Other answers include the command but not the corresponding Splunk LB article.)

Communicator

This seems to work and is available through the management port.

curl -k -u admin:changeme https://splunkserver:8089/services/authentication/providers/services/_reload

View solution in original post

Path Finder

This worked great! BTW, here's a much easier way of doing it across all accessible search peer instances (e.g. via a central DMC system) via search:

| rest splunk_server=* /services/authentication/providers/services/_reload

Note: It won't return any results, but it will work for those distributed search peers that are accessible.

And way to check if it worked:

| rest splunk_server=* /services/authentication/users

Communicator

figured it out...answer below

0 Karma

Communicator

Is there a management port rest endpoint for refreshing?

0 Karma

SplunkTrust
SplunkTrust

Hi juniormint,

don't look to far, good things are so close 😉
You can use this simple Splunk command to do this:

./splunk _internal call /authentication/providers/services/_reload -auth

Result will look like this:

QUERYING: 'https://127.0.0.1:8089/services/authentication/providers/services/_reload'
Your session is invalid.  Please login.
Splunk username: 
Password:
HTTP Status: 200.
Content:
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xml" href="/static/atom.xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>auth-services</title>
  <id>https://127.0.0.1:8089/services/authentication/providers/services</id>
  <updated>2014-04-02T08:39:45+02:00</updated>
  <generator build="163460" version="5.0.3"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/authentication/providers/services/_reload" rel="_reload"/>
  <opensearch:totalResults>0</opensearch:totalResults>
  <opensearch:itemsPerPage>30</opensearch:itemsPerPage>
  <opensearch:startIndex>0</opensearch:startIndex>
  <s:messages/>
</feed>

Done 🙂
If you setup an cron job or a script you can fire it when ever you need it/want to.

hope this helps ...

cheers, MuS

SplunkTrust
SplunkTrust

You're welcome. Please tick the tick to mark it as answered

0 Karma

Explorer

Hi Mus,
I have issues with authentication configurations. Recently I have updated installed the spunk license from spunk UI and restarted services. After restart, I have lost the Slunk SAML configuration which I have set to Onelogin. Now I am trying reload the authentication method but I am not able to redirect login to Onelogin (SSO). I also tried to rec configure SAML settings with same values and I am getting sAML is already configured.

SAML has already been configured. Cannot add a new SAML configuration.saml

since I found this is a relevant thread on spunk authentication configuration, thought to check with you. Your help is appreciated .

-Thanks.

0 Karma

Communicator

Thanks MuS! This is pretty good. I'm still interested in figuring out what I am doing wrong with my curl command...but your answer looks like it will for me.

0 Karma

Communicator

hmmm...seems close. not sure what I am doing wrong.
curl -k -u admin:changeme http://localhost:8000/debug/refresh?entity=admin/auth-services

 This resource can be found at <a href='http://localhost:8000/en-US/debug/refresh?entity=admin%2Fauth-services'>http://localhost:8000/en-US/debug/refresh?entity=admin%2Fauth-services</a>.
0 Karma

SplunkTrust
SplunkTrust

Try this Rest API endpoint

http(s)://yourserver:8000/en-US/debug/refresh?entity=admin/auth-services

You can use curl or similar tools to launch this.