Hi, my employer uses Splunk Enterprise v9.1.2 which is running On-Prem. We have recently enabled SSO with Azure. After enabling SSO we noticed that authentication to the REST API no longer worked with PAT tokens or username/password authentication methods. I created an Authentication Extension script using the example SAML_script_azure.py script. I implemented the getUserInfo() function which has allowed users to authenticate to the REST API and CLI commands with PAT tokens. However, I have been unable to make username/password authentication work with the REST API or CLI since I enabled SSO. I tried adding a login() function to my Authentication Extension script but it does not work. The option for "Allow Token Based Authentication Only" is set to false. The login() function is not called when a user sends a request to API with username/password like this example: curl --location 'https://mysplunkserver.company.com:8089/services/search/jobs?output_mode=json' --header 'Content-Type: text/plain' --data search="search index=main | head 1 " -u me These are the documentation pages I have been referencing: https://docs.splunk.com/Documentation/Splunk/9.1.2/Security/ConfigureauthextensionsforSAMLtokens https://docs.splunk.com/Documentation/Splunk/9.1.2/Security/Createtheauthenticationscript It is possible to use username/password for API and CLI authentication with SSO enabled?
... View more