- Splunk Answers
- :
- Splunk Administration
- :
- Security
- :
- Re: Why is the scripted authentication failing aft...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've just set up scripted authentication with Atlassian Crowd from our Splunk Dev server, and had it working until I did a Splunk restart, when it suddenly stopped working. From the logs it seems like Splunk can't run the command anymore, after the restart.
02-15-2018 10:37:51.302 +0100 ERROR AuthenticationManagerScripted - Function 'userLogin' failed: Invocation of script '"/opt/splunk/bin/splunk cmd python" "/opt/splunk/bin/crowd-login.py"' failed
02-15-2018 10:37:51.302 +0100 ERROR ScriptRunner - Couldn't start child process. script="/opt/splunk/bin/splunk cmd python /opt/splunk/bin/crowd-login.py userLogin"
02-15-2018 10:37:51.300 +0100 DEBUG AuthenticationManagerScripted - Calling script '"/opt/splunk/bin/splunk cmd python" "/opt/splunk/bin/crowd-login.py" userLogin' (login arguments omitted)
All configured files are the same, with the same permissions as before. The only thing done from one state to the next was the splunk restart command.
Any help is appreciated.
$SPLUNK_HOME/etc/system/local/authentication.conf
[authentication]
authType = Scripted
authSettings = script
[script]
scriptPath = "/opt/splunk/bin/splunk cmd python" "/opt/splunk/bin/crowd-login.py" # this command works from the CLI
# Cache results for different times per function
[cacheTiming]
userLoginTTL = 10s
getUserInfoTTL = 1m
getUsersTTL = 2m
crowd-login.py was collected from https://github.com/planettelex/splunk-crowd-auth
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Found the issue. In crowd-login.py the first line defined another python environment which messed everything up.
Removed the first line #!/usr/bin/env python and everything works as expected.
Also updated authentication.conf with
[script]
scriptPath = /opt/splunk/bin/python /opt/splunk/bin/crowd-login.py
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Found the issue. In crowd-login.py the first line defined another python environment which messed everything up.
Removed the first line #!/usr/bin/env python and everything works as expected.
Also updated authentication.conf with
[script]
scriptPath = /opt/splunk/bin/python /opt/splunk/bin/crowd-login.py
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@thilleso : Could you please let me know how scripted authentication takes input ,username and password from login page?
I need to do some custom authentication which required inputs should take from login page and then do call a REST API to validate credential.
This is my question in Splunk answer,hope your answer or comment will help me to build a script.
https://answers.splunk.com/answers/616517/splunk-scripted-authentication-with-servicenow.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It takes the intput arguments from the standard weblogin page args[USERNAME] and args['password']
Se more details in $SPLUNK_HOME/share/splunk/authScriptSamples/dumbScripted.py
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks @thilleso
Join Us for Splunk University and Get Your Bootcamp Game On!
.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!
Announcing Scheduled Export GA for Dashboard Studio
