Solved: How to delete authorization token for non-existent...

justynap_ldz · ‎07-21-2023

Hello,

Does anyone know how to delete an authorization token for no more exisiting account in Splunk?
We have tried it in Web, but Splunk "Could not get info for non-existent user"

We have tried it on servers, too:
For curl -k -u <username>:<password> -X DELETE https://<server>:<management_port>/services/authorization/tokens/<token_user> -d id=<token_id>
we get:
<?xml version="1.0" encoding="UTF-8"?>
<response>
<messages>
<msg type="ERROR">Could not find object id=xxxxx</msg>
</messages>
</response>

Is there any dir or file where authentication tokens are saved on Search Heads?
We need to get rid of internal errors that we receive for this non-existent user, but without token removal it will not be possible

Many thanks in advance for help!

Greetings,
Justyna

isoutamo · ‎07-21-2023

Hi

GUI didn't remove it? As I understand that pop up it still give you a possibility to remove token, even it cannot found user?

One option what you could try is just create a local Splunk user (exact same user id as earlier), then remove token and then remove user?

r. Ismo

View solution in original post

isoutamo · ‎07-21-2023

Hi

GUI didn't remove it? As I understand that pop up it still give you a possibility to remove token, even it cannot found user?

One option what you could try is just create a local Splunk user (exact same user id as earlier), then remove token and then remove user?

r. Ismo

justynap_ldz · ‎07-21-2023

Hi @isoutamo,
It worked, thank you for your prompt reply!
Much appreciated

BR,
Justyna

How to delete authorization token for non-existent user?

access control

authentication

login

SAML

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)