https://communities.sas.com/t5/Administration-and-Deployment/SAS-Web-Authentication-using-SAML-and-Shibboleth-module/m-p/536744#M15706 <P>Hi,</P><P>&nbsp;</P><P>Following discussions with Mike Roda directly, Mike whom I would like to thank warmly for his availability, I communicate you his answer about this topic :</P><P>&nbsp;</P><BLOCKQUOTE><P>The JNDIRealm referred to in the SAS documentation on web authentication is a form of web authentication that uses the built-in functionality from the Apache tomcat software to authenticate with an LDAP server. We sometimes call this container-based security since the container (Apache Tomcat) is doing the authentication. This is provided in the SAS documentation as an example only and does not apply to your case. Instead of container-based security, you will be using the PrincipalFromRequestHeadersValve, which will intercept requests coming from the web server and set an authenticated user in the request.</P></BLOCKQUOTE><P>&nbsp;</P><P>For my part, I have just identified the issue. Issue comes from encoding password implementation (SAS Web App Server) with tcruntime-admin.sh script (SAS9.4M5).</P><P>You have to protect some special characters with backslash and do not enclose characters with quotes.</P><P>&nbsp;</P><P>I suggest you to test your SAML configuration without password first in developpment environment.</P><P>&nbsp;</P><P>Best regards,</P><P>Gaétan</P> Tue, 19 Feb 2019 14:48:39 GMT Gaetan 2019-02-19T14:48:39Z https://communities.sas.com/t5/Administration-and-Deployment/SAS-Web-Authentication-using-SAML-and-Shibboleth-module/m-p/536679#M15696 <P>&nbsp;</P> <P>Hi everyone,</P> <P>&nbsp;</P> <P>I adress this morning a new topic about Web authentication.</P> <P>&nbsp;</P> <P>I want to describe first briefly my context</P> <P>&nbsp;</P> <P>SAS Solution : Visual Analytics 9.4M5</P> <P>System : Linux 64</P> <P>Current user authentication : Metasever requests Active Directory through LDAP connection (no PAM configuration on the server)</P> <P>Target user authentication : Web authentication (SAML with Shibboleth module)</P> <P>Documentation used :</P> <P>- <A href="https://support.sas.com/resources/papers/proceedings15/SAS1385-2015.pdf" target="_self">Federated Security Domains with SAS and SAML</A> (Mike Roda)</P> <P>- <A href="https://documentation.sas.com/?docsetId=bimtag&amp;docsetTarget=n1bhp608f0hsoen10i1vi0p9l5f7.htm&amp;docsetVersion=9.4&amp;locale=en#p0om6ml5m87to3n1f7d61uudt267" target="_self">Web Authentication</A> (SAS Documentation)</P> <P>&nbsp;</P> <P>In the documentation written by Mike Roda, no needs to configure JNDIRealm.</P> <P>But, in the SAS documentation, step 14 indicates the method to configure JNDIRealm.</P> <P>&nbsp;</P> <P>I would like to explain this apparent contradiction : In which context do we need to configure JNDIRealm ? when no PAM authentifiaction are configured or there is no link between this ?</P> <P>&nbsp;</P> <P>Best regards,</P> <P>Gaetan</P> Tue, 19 Feb 2019 10:03:17 GMT https://communities.sas.com/t5/Administration-and-Deployment/SAS-Web-Authentication-using-SAML-and-Shibboleth-module/m-p/536679#M15696 Gaetan 2019-02-19T10:03:17Z https://communities.sas.com/t5/Administration-and-Deployment/SAS-Web-Authentication-using-SAML-and-Shibboleth-module/m-p/536744#M15706 <P>Hi,</P><P>&nbsp;</P><P>Following discussions with Mike Roda directly, Mike whom I would like to thank warmly for his availability, I communicate you his answer about this topic :</P><P>&nbsp;</P><BLOCKQUOTE><P>The JNDIRealm referred to in the SAS documentation on web authentication is a form of web authentication that uses the built-in functionality from the Apache tomcat software to authenticate with an LDAP server. We sometimes call this container-based security since the container (Apache Tomcat) is doing the authentication. This is provided in the SAS documentation as an example only and does not apply to your case. Instead of container-based security, you will be using the PrincipalFromRequestHeadersValve, which will intercept requests coming from the web server and set an authenticated user in the request.</P></BLOCKQUOTE><P>&nbsp;</P><P>For my part, I have just identified the issue. Issue comes from encoding password implementation (SAS Web App Server) with tcruntime-admin.sh script (SAS9.4M5).</P><P>You have to protect some special characters with backslash and do not enclose characters with quotes.</P><P>&nbsp;</P><P>I suggest you to test your SAML configuration without password first in developpment environment.</P><P>&nbsp;</P><P>Best regards,</P><P>Gaétan</P> Tue, 19 Feb 2019 14:48:39 GMT https://communities.sas.com/t5/Administration-and-Deployment/SAS-Web-Authentication-using-SAML-and-Shibboleth-module/m-p/536744#M15706 Gaetan 2019-02-19T14:48:39Z