Splunk Enterprise

Enable Username/Password Authentication With SSO

isplunktoo
New Member

 

Hi,

my employer uses Splunk Enterprise v9.1.2 which is running On-Prem. We have recently enabled SSO with Azure.

After enabling SSO we noticed that authentication to the REST API no longer worked with PAT tokens or username/password authentication methods.

I created an Authentication Extension script using the example SAML_script_azure.py script. I implemented the getUserInfo() function which has allowed users to authenticate to the REST API and CLI commands with PAT tokens.

However, I have been unable to make username/password authentication work with the REST API or CLI since I enabled SSO. I tried adding a login() function to my Authentication Extension script but it does not work. The option for "Allow Token Based Authentication Only" is set to false. The login() function is not called when a user sends a request to API with username/password like this example:

 

 

 

 

curl --location 'https://mysplunkserver.company.com:8089/services/search/jobs?output_mode=json' --header 'Content-Type: text/plain'  --data search="search index=main | head 1 " -u me

 

 

 

 

These are the documentation pages I have been referencing:

https://docs.splunk.com/Documentation/Splunk/9.1.2/Security/ConfigureauthextensionsforSAMLtokens 

https://docs.splunk.com/Documentation/Splunk/9.1.2/Security/Createtheauthenticationscript 

 

It is possible to use username/password for API and CLI authentication with SSO enabled?

Labels (2)
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...