topic Re: Same user multiple authentication domains in Administration and Deployment

Same user multiple authentication domains

bream_bn — Fri, 22 Mar 2013 20:37:48 GMT

I have two database servers that developers will access, for each database I have defined a separate authentication domain. As the servers are related they have the same username but different passwords. I can define the username 'developer' to the first authentication domain and everything works properly. The problem come in when I try to add the same user 'developer' to the second authentication domain with a separate password. I get an error that the userid is already being user by another user or group.

Does anyone know a way around this? This shouldn't be _ problem as the authentication domains are different.

Re: Same user multiple authentication domains

Haikuo — Fri, 22 Mar 2013 21:23:49 GMT

I must have hit the different spot. I have users just like the one you have, eg. need to access multiple different database with the same login ID. It worked fine for me. The posted example is showing an user(me) to have access to 3 database, 2 Oracle, 1 SQL server, using the same user ID.

Haikuo

Re: Same user multiple authentication domains

TomKari — Sat, 23 Mar 2013 14:01:58 GMT

I agree with Haikuo. I don't have access to the metadata server environment any more, but I did the same thing that she shows with no problem. I don't really know what to suggest, if nobody has any ideas that help you out throw it over the wall to Tech. Support. I suspect you're doing something that you're not describing that is causing the problem.

Tom

Re: Same user multiple authentication domains

bream_bn — Sat, 23 Mar 2013 17:41:20 GMT

The problem I am having is assigning the user name to another group. I did test Haikuo solution by putting the same user in a single group and it works properly. The problem is that users who have access in the first authentication domain shouldn't have access in the second authentication domain.

Re: Same user multiple authentication domains

SASKiwi — Tue, 26 Mar 2013 23:32:03 GMT

Have you tried leaving the Authentification Domain as default (DefaultAuth) and adding the domain on the front of the userid (DOMAIN1\user1, DOMAIN2\user1) in SMC? We always define our userids this way so they only authenticate in the one domain.

Re: Same user multiple authentication domains

lavi — Mon, 23 Jun 2014 19:55:19 GMT

Hi Bream_bn,

Were you able to get it working the way you wanted it. I am in the same situation and want to add same user to a different group with a different authentication Domain. Adding same user to the same group with different authentication domain is not an option at least no tan easy one.

Re: Same user multiple authentication domains

jklaverstijn — Sun, 02 Aug 2015 13:26:36 GMT

Hi,

As of 9.4M2 an authentication domain can be labeled as Outbound Only. That would lift the uniqueness constraint.

From the docs (SAS(R) 9.4 Intelligence Platform: Security Administration Guide, Second Edition😞

Outbound and Trusted Authentication Domains

Beginning in the second maintenance release for SAS 9.4 is support for outbound and trusted authentication domains. A login in an outbound domain is used only to provide SAS applications with seamless access to external resources, such as a third-party vendor database. These logins are not part of the SAS identity phase, which attempts to determine the current metadata user by matching their authenticated user ID to the user ID stored in a login. Therefore, for outbound domain logins, the uniqueness requirement on the user ID is not enforced.

Regards Jan