Getting Data In

How to I trigger reload of authentication configuration programmatically?

juniormint
Communicator

There is a button in the GUI which triggers a reload of authentication configuration (see screenshot below). Is there a way trigger a reload programmically? Maybe via the REST API?

screen of reload button in web UI

0 Karma
1 Solution

juniormint
Communicator

This seems to work and is available through the management port.

curl -k -u admin:changeme https://splunkserver:8089/services/authentication/providers/services/_reload

View solution in original post

mitag
Contributor
./splunk reload auth

... per Securing Splunk Enterprise > Edit authentication.conf. (Other answers include the command but not the corresponding Splunk LB article.)

juniormint
Communicator

This seems to work and is available through the management port.

curl -k -u admin:changeme https://splunkserver:8089/services/authentication/providers/services/_reload

View solution in original post

mkolkebeck
Path Finder

This worked great! BTW, here's a much easier way of doing it across all accessible search peer instances (e.g. via a central DMC system) via search:

| rest splunk_server=* /services/authentication/providers/services/_reload

Note: It won't return any results, but it will work for those distributed search peers that are accessible.

And way to check if it worked:

| rest splunk_server=* /services/authentication/users

juniormint
Communicator

figured it out...answer below

0 Karma

juniormint
Communicator

Is there a management port rest endpoint for refreshing?

0 Karma

MuS
SplunkTrust
SplunkTrust

Hi juniormint,

don't look to far, good things are so close 😉
You can use this simple Splunk command to do this:

./splunk _internal call /authentication/providers/services/_reload -auth

Result will look like this:

QUERYING: 'https://127.0.0.1:8089/services/authentication/providers/services/_reload'
Your session is invalid.  Please login.
Splunk username: 
Password:
HTTP Status: 200.
Content:
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xml" href="/static/atom.xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
  <title>auth-services</title>
  <id>https://127.0.0.1:8089/services/authentication/providers/services</id>
  <updated>2014-04-02T08:39:45+02:00</updated>
  <generator build="163460" version="5.0.3"/>
  <author>
    <name>Splunk</name>
  </author>
  <link href="/services/authentication/providers/services/_reload" rel="_reload"/>
  <opensearch:totalResults>0</opensearch:totalResults>
  <opensearch:itemsPerPage>30</opensearch:itemsPerPage>
  <opensearch:startIndex>0</opensearch:startIndex>
  <s:messages/>
</feed>

Done 🙂
If you setup an cron job or a script you can fire it when ever you need it/want to.

hope this helps ...

cheers, MuS

MuS
SplunkTrust
SplunkTrust

You're welcome. Please tick the tick to mark it as answered

0 Karma

splunkgk
Path Finder

Hi Mus,
I have issues with authentication configurations. Recently I have updated installed the spunk license from spunk UI and restarted services. After restart, I have lost the Slunk SAML configuration which I have set to Onelogin. Now I am trying reload the authentication method but I am not able to redirect login to Onelogin (SSO). I also tried to rec configure SAML settings with same values and I am getting sAML is already configured.

SAML has already been configured. Cannot add a new SAML configuration.saml

since I found this is a relevant thread on spunk authentication configuration, thought to check with you. Your help is appreciated .

-Thanks.

0 Karma

juniormint
Communicator

Thanks MuS! This is pretty good. I'm still interested in figuring out what I am doing wrong with my curl command...but your answer looks like it will for me.

0 Karma

juniormint
Communicator

hmmm...seems close. not sure what I am doing wrong.
curl -k -u admin:changeme http://localhost:8000/debug/refresh?entity=admin/auth-services

 This resource can be found at <a href='http://localhost:8000/en-US/debug/refresh?entity=admin%2Fauth-services'>http://localhost:8000/en-US/debug/refresh?entity=admin%2Fauth-services</a>.
0 Karma

somesoni2
Revered Legend

Try this Rest API endpoint

http(s)://yourserver:8000/en-US/debug/refresh?entity=admin/auth-services

You can use curl or similar tools to launch this.

Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!