Create the authentication script
To integrate your authentication system with your Splunk deployment, make sure the authentication system is running and then do the following:
1. Create a Python authentication script. See "Create a Python script" in this topic for the procedure.
2. Test the new script. See "Test the script" in this topic for the procedure.
3. Enable your script by editing authentication.conf to specify scripted authentication and associated settings. See "Edit authentication.conf" for the procedure.
Splunk Cloud Platform doesn't support scripted authentication.
Create a Python script
You must create a Python script that implements these authentication functions:
- userLogin
- getUserInfo
- getUsers
The Splunk server will call these functions as necessary, either to authenticate user login or to obtain information on a user's roles.
The script can optionally also include a handler for this function:
- getSearchFilter
This table summarizes the authentication functions, their arguments, and their return values:
Function | Description | Argument string | Return value string |
---|---|---|---|
userLogin
|
Login with user credentials. | --username=<username>
(values passed one per line over |
fail
(safely passed over |
getUserInfo
|
Return a user's information, including name and role(s). | --username=<username>
|
--status=success|fail --userInfo=<userId>;<username>;<realname>;<roles> Note the following:
|
getUsers
|
Return information for all Splunk users. | none | --status=success|fail --userInfo=<userId>;<username>;<realname>;<roles> --userInfo=<userId>;<username>;<realname>;<roles> --userInfo=<userId>;<username>;<realname>;<roles> ... Note the following:
|
getSearchFilter
|
Optional. Returns the filters applied specifically to this user, along with those applied to the user's roles. The filters are OR'd together. | --username=<username>
|
--status=success|fail --search_filter=<filter> --search_filter=<filter> ... Note: User-based search filters are optional and not recommended. A better approach is to assign search filters to roles and then assign users to the appropriate roles. For more information, see "Use the getSearchFilter function to filter at search time" |
See the example scripts for detailed information on how to implement these functions.
Test the script
Since the communication between your Splunk deployment and the script occurs via stdin
and stdout
, you can test the script interactively in your command shell. Be sure to send one argument per line and end each function call with an EOF (Ctrl-D).
Test each function individually, using this pattern:
> python [script] [function name] [pass arguments here, one per line] [send eof, with Ctrl-D] [output appears here, check that it's correct] >
The following example shows a debugging session that does some simple testing of a fictional script called "example.py", with two users "alice" and "bob". "alice" is a member of the "admin" and "super" roles, and "bob" is a member of the "user" role.
> python example.py userLogin --username=alice --password=correctpassword <send an EOF> --status=success > python example.py userLogin --username=bob --password=wrongpassword <send an EOF> --status=fail > python example.py getUsers <no arguments for this function, send an EOF> --status=success --userInfo=bob;bob;bob;user --userInfo=alice;alice;alice;admin:super > python example.py getUserInfo --username=bob <send an EOF> --status=success --userInfo=bob;bob;bob;user > python example.py getUserInfo --username=userdoesnotexist <send an EOF> --status=fail >
Important: This is just an example of how to go about testing a script. It does not attempt to perform exhaustive debugging of any real script.
Set up user authentication with external systems | Edit authentication.conf |
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.3.0, 9.3.1
Feedback submitted, thanks!