Delete old SAML users on SHCluster

Security

Hi there,

I try to delete old SAML users on a SHCluster with Splunk 7.1.4.
I followed instructions here https://answers.splunk.com/answers/525555/how-do-i-remove-old-saml-users.html but I still have these users in the access control > users page.

More surprisingly, if I request
curl -k -u admin:{password} --request GET https://{searchhead}:8089/services/admin/SAML-user-role-map/{user}
I have a positive answer (user found)

But if I request
curl -k -u admin{password} --request DELETE https://{searchhead}:8089/services/admin/SAML-user-role-map/{user}
It says : In handler 'SAML-user-role-map': Does not exist: /nobody/system/authentication/userToRoleMap_SAML/{user}

These users are not in /etc/users folder nor in authentication.conf file
I also tried with authentication/users method.
I tried to complete with debug/refresh and restart the SHCluster without the expected result.

Any idea ?

Regards,
Francois

Get Updates on the Splunk Community!

What Is Splunk? Here’s What You Can Do with Splunk

Hey Splunk Community, we know you know Splunk. You likely leverage its unparalleled ability to ingest, index, ...

Level Up Your .conf25: Splunk Arcade Comes to Boston

With .conf25 right around the corner in Boston, there’s a lot to look forward to — inspiring keynotes, ...

Manual Instrumentation with Splunk Observability Cloud: How to Instrument Frontend ...

Although it might seem daunting, as we’ve seen in this series, manual instrumentation can be straightforward ...

Are you a member of the Splunk Community?