BookmarkSubscribeRSS Feed
AsSASsin
Quartz | Level 8

Hello,

I know that internal accounts are only to manage and for administrative purposes, but in a test environment they are very useful to allow some users to open a workspace with only one account.

 I have created a group that store the Unix account credentials.

is there any chance to inherit this credentials for an internal account with the default workspace with host authentication (DefaultAuth domain)?

it could be useful for enterprise guide developers.

 

Thanks.

12 REPLIES 12
SASKiwi
PROC Star

SAS workspace sessions require an OS user account to authenticate and log onto the SAS App server and start a SAS session, so you can't use an account only defined in SAS metadata. Using an account like sasdemo which is defined as an OS account as well as in SAS metadata could be useful for a test environment.

AsSASsin
Quartz | Level 8

Yes, OS account is stored inside a metadata group.

It is just to divide the metadata permissions to different levels.

The question is: with 4 metadata internal users how can I open a workspace with one OS user?

Assign the user to the group with credentials seems doesn’t take any effect.

SASKiwi
PROC Star

Create an Auth domain for the one OS user, then add that Auth domain to the 4 metadata internal users.

AsSASsin
Quartz | Level 8

Thanks for the reply.

Where do I have to add the new Auth domain to the 4 internal users?

SASKiwi
PROC Star

In the Accounts tab of the internal users properties, select the New button to add the new Auth domain with associated OS account.

AsSASsin
Quartz | Level 8

With this solution I will have 1 internal account with 1 OS account right?

In this case using an internal account is not useful.

But 4 internal account and 1 shared os account?

SASKiwi
PROC Star

Sorry, if I understand your requirements correctly you need to create a User Group and then assign the new Authentication Domain linked to the single OS account under the Accounts tab for this group.

 

Then create your internal users and add them to the above User Group in the Groups and Roles tab. That should enable the OS account to be shared across the users.

AsSASsin
Quartz | Level 8

Yes the user group with OS credentials is what I did but when I authenticate with internal user in EG it shows me the popup to put the credentials for the connection to SasApp.

This Is what I did in production environment with LDAP and works well, but with the internal users EG doesn’t assign automatically the OS group user.

What I’m forgetting?

When I create the profile in EG do I have to specify the AuthDomain of the OS user or leave it blank?

And could I use the DefaultAuth domain for the OS group user or I have to create another one?

boemskats
Lapis Lazuli | Level 10

It's been a while, but would configuring the Workspace server for token authentication not solve this?

 

(although, officially, use of internal accounts for this kind of thing still isn't recommended)

 

http://documentation.sas.com/?docsetId=bisecag&docsetVersion=9.4&docsetTarget=p06o3ymf2cuw16n1cmyi47...

AsSASsin
Quartz | Level 8

Probably yes, but I will have to create another workspace to do this...

boemskats
Lapis Lazuli | Level 10

I think this is your only way. I did some testing, I don't think inherited (DefaultAuth) session credentials work for spawning sessions, they have to be owned by the authenticated user directly. 

 

You could just, again in theory, define a second token-authenticated application server context in metadata only, the paths for which point to the same one you have defined at the moment. Haven't tested this but it's worth a try. 

 

Nik

AsSASsin
Quartz | Level 8

Thank you very much.

I noticed that I can authenticate an internal user (or ldap) with a bad workaround:

I stored credentials in a group with DefaultAuth and in the EG profile I go with my internal account but in the Authorization Domain text box in EG I have to put a virtual domain that doesn’t exist in SAS metadata. In this way I can open the workspace...why?

Is there an explanation?

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 12 replies
  • 2916 views
  • 4 likes
  • 3 in conversation