Hi,
My employer uses Splunk Enterprise v9.1.2, which is running on-prem. We have recently enabled SSO with Azure.
After enabling SSO we noticed that authentication to the REST API no longer worked with PAT tokens or username/password authentication methods.
I created an Authentication Extension script using the example SAML_script_azure.py script. I implemented the getUserInfo() function which has allowed users to authenticate to the REST API and CLI commands with PAT tokens.
However, I have been unable to make username/password authentication work with the REST API or CLI since I enabled SSO. I tried adding a login() function to my Authentication Extension script, but it does not work. The option for "Allow Token Based Authentication Only" is set to false. The login() function is not called when a user sends a request to the API with username/password like this example:
curl --location 'https://mysplunkserver.company.com:8089/services/search/jobs?output_mode=json' --header 'Content-Type: text/plain' --data search="search index=main | head 1 " -u me
These are the documentation pages I have been referencing:
https://docs.splunk.com/Documentation/Splunk/9.1.2/Security/ConfigureauthextensionsforSAMLtokens
https://docs.splunk.com/Documentation/Splunk/9.1.2/Security/Createtheauthenticationscript
Is it possible to use username/password for API and CLI authentication with SSO enabled?