Solved: Re: What is the best practice for managing your SA...

pkeller · ‎03-29-2018

etc/system/local/authentication.conf and etc/system/metadata/local.meta both contain many old entries of users that may no longer be using the platform. The files both get updated automatically when a new user logs in.

On a search cluster, is there a recommended solution for removing these entries?

My plan was just to shutdown the cluster members, removing all the cached data and restarting, but is there a less disruptive way?

Thank you.

anaidu_splunk · ‎01-30-2020

There are a few ways to clean up the cache;

i) Restart of splunk,
ii) Or run comand below;
./splunk _internal call /authentication/providers/services/_reload -auth admin:changeme

iii) Or hit the rest endpoint;
"| rest splunk_server=* /services/authentication/providers/services/_reload "

View solution in original post

anaidu_splunk · ‎01-30-2020

There are a few ways to clean up the cache;

i) Restart of splunk,
ii) Or run comand below;
./splunk _internal call /authentication/providers/services/_reload -auth admin:changeme

iii) Or hit the rest endpoint;
"| rest splunk_server=* /services/authentication/providers/services/_reload "

What is the best practice for managing your SAML cache?

Introducing the Splunk Community Dashboard Challenge!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Wondering How to Build Resiliency in the Cloud?