Security

Why is the scripted authentication failing after splunk restart?

thilleso
Path Finder

I've just set up scripted authentication with Atlassian Crowd from our Splunk Dev server, and had it working until I did a Splunk restart, when it suddenly stopped working. From the logs it seems like Splunk can't run the command anymore, after the restart.

02-15-2018 10:37:51.302 +0100 ERROR AuthenticationManagerScripted - Function 'userLogin' failed: Invocation of script '"/opt/splunk/bin/splunk cmd python" "/opt/splunk/bin/crowd-login.py"' failed
02-15-2018 10:37:51.302 +0100 ERROR ScriptRunner - Couldn't start child process. script="/opt/splunk/bin/splunk cmd python /opt/splunk/bin/crowd-login.py userLogin"
02-15-2018 10:37:51.300 +0100 DEBUG AuthenticationManagerScripted - Calling script '"/opt/splunk/bin/splunk cmd python" "/opt/splunk/bin/crowd-login.py" userLogin' (login arguments omitted) 

All configured files are the same, with the same permissions as before. The only thing done from one state to the next was the splunk restart command.

Any help is appreciated.

$SPLUNK_HOME/etc/system/local/authentication.conf

[authentication]
authType = Scripted
authSettings = script

[script]
scriptPath = "/opt/splunk/bin/splunk cmd python" "/opt/splunk/bin/crowd-login.py" # this command works from the CLI

# Cache results for different times per function
[cacheTiming]
userLoginTTL = 10s
getUserInfoTTL = 1m
getUsersTTL = 2m

crowd-login.py was collected from https://github.com/planettelex/splunk-crowd-auth

0 Karma
1 Solution

thilleso
Path Finder

Found the issue. In crowd-login.py the first line defined another python environment which messed everything up.
Removed the first line #!/usr/bin/env python and everything works as expected.

Also updated authentication.conf with

[script]
scriptPath = /opt/splunk/bin/python /opt/splunk/bin/crowd-login.py

View solution in original post

0 Karma

thilleso
Path Finder

Found the issue. In crowd-login.py the first line defined another python environment which messed everything up.
Removed the first line #!/usr/bin/env python and everything works as expected.

Also updated authentication.conf with

[script]
scriptPath = /opt/splunk/bin/python /opt/splunk/bin/crowd-login.py
0 Karma

ansif
Motivator

@thilleso : Could you please let me know how scripted authentication takes input ,username and password from login page?

I need to do some custom authentication which required inputs should take from login page and then do call a REST API to validate credential.

This is my question in Splunk answer,hope your answer or comment will help me to build a script.

https://answers.splunk.com/answers/616517/splunk-scripted-authentication-with-servicenow.html

0 Karma

thilleso
Path Finder

It takes the intput arguments from the standard weblogin page args[USERNAME] and args['password']

Se more details in $SPLUNK_HOME/share/splunk/authScriptSamples/dumbScripted.py

ansif
Motivator

Thanks @thilleso

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...