splunklib.binding.AuthenticationError: Autologin succeeded, but there was an auth error on next request. Something is very wrong

[RahulGuleria]

Is this issue resolved as I am still getting this error with version splunk-sdk==1.6.18 ? As suggested on this thread, https://github.com/splunk/splunk-sdk-python/issues/219

I have tried adding basic=True but that seems to be slowing down the splunk queries. Is this slowness due to the fact that for all the queries it is doing authentication using username/password (as we are using basic=True).

service = client.connect(host=host_name, scheme="https", port=splunk_conf["port"], username, password, autologin=True, verify=False)

I tried with latest version splunk-sdk==1.7.2 also and started getting the below error

Exception while performing Splunk search. retry Count: 0... Authentication Failed! If session token is used, it seems to have been expire

Wanted to know if there is any other fix for this issue ? Thanks in advance!

[mahirchavda]

Started getting this same error in the multiple addons. Seems like something is changed in the splunklib that is affecting multiple addons. Some of addons are

• splunk_ta_aws_metadata.log
• ta_microsoft_graph_securityscore*.log
• ta_sophos_central_addon_forsplunk*.log
• mimecast addon

The splunklib.binding.HTTPError: HTTP 401 Unauthorized -- {"messages":[{"type":"WARN","text":"call not properly authenticated"}]}" part is same in all the addons .

Full error msg:

2022-10-06 06:30:17,240 level=ERROR pid=31836 tid=MainThread logger=splunk_ta_aws.modinputs.metadata pos=__init__.py:run:63 |  | message="Failed to collect description data." 
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/Splunk_TA_aws/lib/splunklib/binding.py", line 289, in wrapper
    return request_fun(self, *args, **kwargs)
  File "/opt/splunk/etc/apps/Splunk_TA_aws/lib/splunklib/binding.py", line 70, in new_f
    val = f(*args, **kwargs)
  File "/opt/splunk/etc/apps/Splunk_TA_aws/lib/splunklib/binding.py", line 685, in get
    response = self.http.get(path, all_headers, **query)
  File "/opt/splunk/etc/apps/Splunk_TA_aws/lib/splunklib/binding.py", line 1219, in get
    return self.request(url, { 'method': "GET", 'headers': headers })
  File "/opt/splunk/etc/apps/Splunk_TA_aws/lib/splunklib/binding.py", line 1282, in request
    raise HTTPError(response)
splunklib.binding.HTTPError: HTTP 401 Unauthorized -- call not properly authenticated

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/splunk/etc/apps/Splunk_TA_aws/lib/splunklib/binding.py", line 231, in _handle_auth_error
    yield
  File "/opt/splunk/etc/apps/Splunk_TA_aws/lib/splunklib/binding.py", line 300, in wrapper
    return request_fun(self, *args, **kwargs)
  File "/opt/splunk/etc/apps/Splunk_TA_aws/lib/splunklib/binding.py", line 70, in new_f
    val = f(*args, **kwargs)
  File "/opt/splunk/etc/apps/Splunk_TA_aws/lib/splunklib/binding.py", line 685, in get
    response = self.http.get(path, all_headers, **query)
  File "/opt/splunk/etc/apps/Splunk_TA_aws/lib/splunklib/binding.py", line 1219, in get
    return self.request(url, { 'method': "GET", 'headers': headers })
  File "/opt/splunk/etc/apps/Splunk_TA_aws/lib/splunklib/binding.py", line 1282, in request
    raise HTTPError(response)
splunklib.binding.HTTPError: HTTP 401 Unauthorized -- call not properly authenticated

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/splunk_ta_aws/modinputs/metadata/__init__.py", line 61, in run
    _do_run()
  File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/splunk_ta_aws/modinputs/metadata/__init__.py", line 36, in _do_run
    adc.AWSDescribeConf, "aws_metadata", logger
  File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/splunk_ta_aws/common/ta_aws_common.py", line 172, in get_configs
    tasks = conf.get_tasks()
  File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/splunk_ta_aws/modinputs/metadata/aws_description_conf.py", line 69, in get_tasks
    tasks = self._get_description_tasks(client)
  File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/splunk_ta_aws/modinputs/metadata/aws_description_conf.py", line 93, in _get_description_tasks
    if self.task_file in conf_mgr.confs:
  File "/opt/splunk/etc/apps/Splunk_TA_aws/lib/splunklib/client.py", line 1752, in __contains__
    response = self.get(key)
  File "/opt/splunk/etc/apps/Splunk_TA_aws/lib/splunklib/client.py", line 1702, in get
    return super(Collection, self).get(name, owner, app, sharing, **query)
  File "/opt/splunk/etc/apps/Splunk_TA_aws/lib/splunklib/client.py", line 795, in get
    **query)
  File "/opt/splunk/etc/apps/Splunk_TA_aws/lib/splunklib/binding.py", line 300, in wrapper
    return request_fun(self, *args, **kwargs)
  File "/opt/splunk/lib/python3.7/contextlib.py", line 130, in __exit__
    self.gen.throw(type, value, traceback)
  File "/opt/splunk/etc/apps/Splunk_TA_aws/lib/splunklib/binding.py", line 234, in _handle_auth_error
    raise AuthenticationError(msg, he)
splunklib.binding.AuthenticationError: Autologin succeeded, but there was an auth error on next request. Something is very wrong.

[ashah-splunk]

@RahulGuleria as per the discussion on the issue #219 bearer token is the feasible solution. and as mentioned by @ncanumalla-splunk managing of the bearer token is currently not in scope of SDK.

@mahirchavda could you please share the Splunk and SDK versions being used. Also from the traceback you shared the error message was updated in the recent versions of the SDK. so we would request you to use the latest SDK and also please share the reproduction steps.

[ashah-splunk]

Closing the Issue as we haven't received any response. @RahulGuleria , @mahirchavda please reopen the Issue if you still facing the issue.