Splunk Enterprise

How to disable token using REST API?

ropo
Engager

Hello,

I do success to disable/enable tokens using the WEB interface.  

But curl command fails while trying to disable token using REST API.

ropo_0-1704270183905.png

Executing GET method works OK:

curl -k -u USER1:USER_PASW -X GET https://localhost:8089/services/authorization/tokens -d id=80e7402b9940a7ac761f259d1e3e49bad1417394924ad0909c8edfd8eb92800e

But PUT is failed with no clear error message:

curl -k -u USER1:USER_PASW  -X PUT https://localhost:8089/services/authorization/token/ron -d id=80e7402b9940a7ac761f259d1e3e49bad1417394924ad0909c8edfd8eb92800e -d status=disabled

The result is:

<?xml version="1.0" encoding="UTF-8"?>
<response>
<messages>
<msg type="ERROR">Not Found</msg>
</messages>
</response>

I tried to switch username between ron and david. 

What's wrong and how to locate more informative problem description.

Thanks in advance,

David

Labels (1)
Tags (1)
0 Karma
1 Solution

tej57
Contributor

Hello @ropo ,

I guess just the method that you've provided seems to be inappropriate. You'll need to use the POST method to disable the authentication token.

Example:

curl -k -u <username>:<password> -X POST https://<server>:<management_port>/services/authorization/tokens/<token_user> -d id=<token_id> -d status=disabled

Reference Doc - https://docs.splunk.com/Documentation/Splunk/9.1.2/Security/ManageAuthTokens#Disable_an_existing.2C_...

 

---
If the above solution helps, an upvote is appreciated.

View solution in original post

0 Karma

tej57
Contributor

Hello @ropo ,

I guess just the method that you've provided seems to be inappropriate. You'll need to use the POST method to disable the authentication token.

Example:

curl -k -u <username>:<password> -X POST https://<server>:<management_port>/services/authorization/tokens/<token_user> -d id=<token_id> -d status=disabled

Reference Doc - https://docs.splunk.com/Documentation/Splunk/9.1.2/Security/ManageAuthTokens#Disable_an_existing.2C_...

 

---
If the above solution helps, an upvote is appreciated.

0 Karma

ropo
Engager

Actually, the POST is only one problem, I have already gone through.

Thanks to your post has found syntax error - "/token/" instead of "/tokens/" 

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...