Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Scripted auth and search filters in 4.1

zscgeek
Path Finder
‎04-07-2010 10:31 PM

I am trying to get scripted auth working on the new 4.1. I had a configuration on 3.4.x that worked great but after moving to 4.1 bits I can no longer get per account search filters to work. What it looks like based on debug level logging (AuthenticationManagerScripted=debug) is that the scripted auth model is never asking my script for the search filters.

My Authentication.conf is:

[authentication]
authSettings = VoxeoAuth
authType = Scripted

# scriped auth
[VoxeoAuth]
scriptPath = $SPLUNK_HOME/bin/python $SPLUNK_HOME/etc/apps/voxsearch/auth-search.py
# have also tried setting this to 1 per the docs. 
scriptSearchFilters = True

[cacheTiming]
userLoginTTL    = 60
searchFilterTTL = 60
getSearchFilterTTL = 60
getUserInfoTTL  = 60
getUserTypeTTL  = 60
getUsersTTL     = 60

THe auth script snippet is below: 

def getSearchFilter( infoIn  ):
  user      = infoIn['username']
  rc,accountid,role = doAuth(user,"")
  retDict = {}
  retDict[RETURN_KEY] = FAILED
  if (rc=="ok"):
    retDict[RETURN_KEY] = SUCCESS
    if (role != "VOXEON"):
      retDict[SRCH_FILT] = "accountid=" + str(accountid)
  return retDict

Any idea what might be going on? Was there a change in 4.x in how search filters are setup for scripted auth users?

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Erik_Swan
Splunk Employee
Splunk Employee
‎04-07-2010 10:36 PM

Turns out that this has not worked since 3.4 😉

It has been fixed and should be part of 4.1.1 which should be out in a week or so. I'll see if there is not a work around in the mean time

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

Erik_Swan
Splunk Employee
Splunk Employee
‎04-07-2010 10:36 PM

Turns out that this has not worked since 3.4 😉

It has been fixed and should be part of 4.1.1 which should be out in a week or so. I'll see if there is not a work around in the mean time

0 Karma
Reply
Solved! Jump to solution

zscgeek
Path Finder
‎04-07-2010 11:41 PM

See what happens when I stop using new releases? 😉

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...