I am trying to get scripted auth working on the new 4.1. I had a configuration on 3.4.x that worked great but after moving to 4.1 bits I can no longer get per account search filters to work. What it looks like based on debug level logging (AuthenticationManagerScripted=debug) is that the scripted auth model is never asking my script for the search filters.
My Authentication.conf is:
[authentication]
authSettings = VoxeoAuth
authType = Scripted
# scriped auth
[VoxeoAuth]
scriptPath = $SPLUNK_HOME/bin/python $SPLUNK_HOME/etc/apps/voxsearch/auth-search.py
# have also tried setting this to 1 per the docs.
scriptSearchFilters = True
[cacheTiming]
userLoginTTL = 60
searchFilterTTL = 60
getSearchFilterTTL = 60
getUserInfoTTL = 60
getUserTypeTTL = 60
getUsersTTL = 60
THe auth script snippet is below:
def getSearchFilter( infoIn ):
user = infoIn['username']
rc,accountid,role = doAuth(user,"")
retDict = {}
retDict[RETURN_KEY] = FAILED
if (rc=="ok"):
retDict[RETURN_KEY] = SUCCESS
if (role != "VOXEON"):
retDict[SRCH_FILT] = "accountid=" + str(accountid)
return retDict
Any idea what might be going on? Was there a change in 4.x in how search filters are setup for scripted auth users?
Turns out that this has not worked since 3.4 😉
It has been fixed and should be part of 4.1.1 which should be out in a week or so. I'll see if there is not a work around in the mean time
Turns out that this has not worked since 3.4 😉
It has been fixed and should be part of 4.1.1 which should be out in a week or so. I'll see if there is not a work around in the mean time
See what happens when I stop using new releases? 😉