1. System admin of Splunk creates "testuser" and password has to be set as default (changeme)
2. testuser accesses Splunk Web (http://10.10.10.10.:8000) and then he will see "are you first login user please change your password"
So I tried to create testuser on Splunk SDK for Java as follows:
String username = "testuser";
User user = service.getUsers().create(username);
But this exception occurs:
com.splunk.HttpException http400 - in handler 'users' : the following required arguments are missing: password
Are there people who have solved this issue? Please recommend what I should do as soon as possible.
Your error is from that you need to supply a password when you create a user. (I don't see Splunk adopting a "create users with a default password of changeme" since it would likely be a bad idea if every default password on every splunk instance was changeme... people already have been compromised by failing to change the admin users password immediately.)
You're not going to have a force change password workflow work with the built-in Splunk users and authentication out of the box. How it works for the admin user is upon first login of the UI (I'm not even sure it has to be the 'admin' user), Splunk looks for a $SPLUNKHOME/etc/.uilogin file. If not found, you get the prompt to change password, and this file is then created (even if you skip the page) and you're never prompted again. As this is not in a user specific location there's no way to tell if a particular user has not logged in since password change, and prompt for setting a new password with Splunk's built-in auth mechanisms
You may however be able to use Splunk SSO and and externalized user and authentication information to get something similar to work, but I'm not sure what that would look like exactly.