I am trying to get scripted auth working on the new 4.1. I had a configuration on 3.4.x that worked great but after moving to 4.1 bits I can no longer get per account search filters to work. What it looks like based on debug level logging (AuthenticationManagerScripted=debug) is that the scripted auth model is never asking my script for the search filters.

My Authentication.conf is:

[authentication]
authSettings = VoxeoAuth
authType = Scripted

# scriped auth
[VoxeoAuth]
scriptPath = $SPLUNK_HOME/bin/python $SPLUNK_HOME/etc/apps/voxsearch/auth-search.py
# have also tried setting this to 1 per the docs. 
scriptSearchFilters = True

[cacheTiming]
userLoginTTL    = 60
searchFilterTTL = 60
getSearchFilterTTL = 60
getUserInfoTTL  = 60
getUserTypeTTL  = 60
getUsersTTL     = 60

THe auth script snippet is below:

def getSearchFilter( infoIn  ):
  user      = infoIn['username']
  rc,accountid,role = doAuth(user,"")
  retDict = {}
  retDict[RETURN_KEY] = FAILED
  if (rc=="ok"):
    retDict[RETURN_KEY] = SUCCESS
    if (role != "VOXEON"):
      retDict[SRCH_FILT] = "accountid=" + str(accountid)
  return retDict

Any idea what might be going on? Was there a change in 4.x in how search filters are setup for scripted auth users?