Hi there,
I try to delete old SAML users on a SHCluster with Splunk 7.1.4.
I followed instructions here https://answers.splunk.com/answers/525555/how-do-i-remove-old-saml-users.html but I still have these users in the access control > users page.
More surprisingly, if I request
curl -k -u admin:{password} --request GET https://{searchhead}:8089/services/admin/SAML-user-role-map/{user}
I have a positive answer (user found)
But if I request
curl -k -u admin{password} --request DELETE https://{searchhead}:8089/services/admin/SAML-user-role-map/{user}
It says : In handler 'SAML-user-role-map': Does not exist: /nobody/system/authentication/userToRoleMap_SAML/{user}
These users are not in /etc/users folder nor in authentication.conf file
I also tried with authentication/users method.
I tried to complete with debug/refresh and restart the SHCluster without the expected result.
Any idea ?
Regards,
Francois