We have restricted access to Splunk via the REST API. We have created a user where we think we have allowed this capability. Trying the command:
curl -k https://splunkserver:8089/services/auth/login -d username=restuser -d password=password
Get a message that login fails.
The user restuser inherits from the user role and restaccess role.
authorize.conf contains:
[role_restaccess]
importRoles = user
rtSrchJobsQuota = 0
srchIndexesAllowed = *;_*
srchIndexesDefault = *;main
srchJobsQuota = 4
srchMaxTime = 0
rest\_properties\_get = enabled
rest\_apps\_view = enabled
~~~~~~
Any suggestions?
Yes. The configuration of our environment runs pretty much using Apps. Security is also controlled through an app (including LDAP configuration) with only server specific settings configured locally. We had to coordinate the local settings with the app controlled settings.
rmorlen, were you able to resolve this?
I used a different endpoint, this may be of some help:
servicesNS/admin/$app/auth/login
Sorry, I can't reproduce locally or remotely. Are you sure this isn't an issue where you need to quote or escape characters in the password?