topic Re: Single Sign on on Midtier and Desktop Applications in Linux in Administration and Deployment

Single Sign on on Midtier and Desktop Applications in Linux

alko13 — Mon, 06 Feb 2023 06:29:24 GMT

We have a 9.4 and Viya 3.5 environment on Linux, we would like to setup Single Sign on on Midtier (9.4 and Viya3.5) and IWA for desktop apps. Appreciate any help to refer me to documentations to achieve this.

Also Is it required for the user to be able to ssh to the linux servers (like configure pam/sssd)?

Thanks

Re: Single Sign on on Midtier and Desktop Applications in Linux

gwootton — Mon, 06 Feb 2023 14:12:01 GMT

The relevant documentation is below. If you want a process to be owned by the authenticating user, their user ID must be valid on the compute server and potentially the CAS host in Viya (i.e. configure PAM/SSSD), but this does not necessarily mean they need to be able to SSH to the server. Alternatively the SAS/CAS process can be owned by a shared account, but this prevents using file system authorization to be used to limit access.

SAS 9.4 Administration - Middle Tier Administration Guide - Support for Integrated Windows Authentication
https://go.documentation.sas.com/doc/en/bicdc/9.4/bimtag/p1871e69gmwdr0n1o182krslc10p.htm

SAS 9.4 Administration - Security Administration Guide - How to Configure Integrated Windows Authentication
https://go.documentation.sas.com/doc/en/bicdc/9.4/bisecag/n1d1zo1jsf2o0en1ehu4c4simfky.htm

Viya 3.5 Administration - Authentication: How-to
https://go.documentation.sas.com/doc/en/calcdc/3.5/calauthmdl/n1pkgyrtk8bp4zn1d0v1ln4869og.htm

Re: Single Sign on on Midtier and Desktop Applications in Linux

alko13 — Tue, 07 Feb 2023 05:06:40 GMT

Thanks for the reply Greg.

Just to clarify, PAM/SSSD is really not required to achieve SSO, this is just optional if we wanted the SAS process be owned by the authenticating user in 9.4 and Viya 3.5?

Re: Single Sign on on Midtier and Desktop Applications in Linux

gwootton — Tue, 07 Feb 2023 14:12:53 GMT

That's correct.