05-09-2018 04:45 PM
I know that internal accounts are only to manage and for administrative purposes, but in a test environment they are very useful to allow some users to open a workspace with only one account.
I have created a group that store the Unix account credentials.
is there any chance to inherit this credentials for an internal account with the default workspace with host authentication (DefaultAuth domain)?
it could be useful for enterprise guide developers.
05-09-2018 05:46 PM
SAS workspace sessions require an OS user account to authenticate and log onto the SAS App server and start a SAS session, so you can't use an account only defined in SAS metadata. Using an account like sasdemo which is defined as an OS account as well as in SAS metadata could be useful for a test environment.
05-09-2018 06:05 PM
Yes, OS account is stored inside a metadata group.
It is just to divide the metadata permissions to different levels.
The question is: with 4 metadata internal users how can I open a workspace with one OS user?
Assign the user to the group with credentials seems doesn’t take any effect.
05-10-2018 06:03 PM
With this solution I will have 1 internal account with 1 OS account right?
In this case using an internal account is not useful.
But 4 internal account and 1 shared os account?
05-10-2018 11:27 PM
Sorry, if I understand your requirements correctly you need to create a User Group and then assign the new Authentication Domain linked to the single OS account under the Accounts tab for this group.
Then create your internal users and add them to the above User Group in the Groups and Roles tab. That should enable the OS account to be shared across the users.
05-11-2018 01:14 AM
Yes the user group with OS credentials is what I did but when I authenticate with internal user in EG it shows me the popup to put the credentials for the connection to SasApp.
This Is what I did in production environment with LDAP and works well, but with the internal users EG doesn’t assign automatically the OS group user.
What I’m forgetting?
When I create the profile in EG do I have to specify the AuthDomain of the OS user or leave it blank?
And could I use the DefaultAuth domain for the OS group user or I have to create another one?
05-11-2018 06:12 AM
It's been a while, but would configuring the Workspace server for token authentication not solve this?
(although, officially, use of internal accounts for this kind of thing still isn't recommended)
4 weeks ago
I think this is your only way. I did some testing, I don't think inherited (DefaultAuth) session credentials work for spawning sessions, they have to be owned by the authenticated user directly.
You could just, again in theory, define a second token-authenticated application server context in metadata only, the paths for which point to the same one you have defined at the moment. Haven't tested this but it's worth a try.
4 weeks ago
Thank you very much.
I noticed that I can authenticate an internal user (or ldap) with a bad workaround:
I stored credentials in a group with DefaultAuth and in the EG profile I go with my internal account but in the Authorization Domain text box in EG I have to put a virtual domain that doesn’t exist in SAS metadata. In this way I can open the workspace...why?
Is there an explanation?