cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
Unarinen12
Calcite | Level 5 Unarinen12
Calcite | Level 5

Group Membership error

Posted 10-21-2024 04:21 AM (932 views)
Hi Team,

I am currently experiencning the following issues can someone advise 

Version and License
Using the Azure marketplace SAS Viya Pay-As-You-Go plan. 
 
sasViyaCadenceVersion: 2024.08
 
Setup and requirements
We ran the deployment via Azure. There are 2 issues that need to be resolved:
  1. Run Code: Only viya_admin user can connect to and use compute context to run code. Other users created in keycloak and added to SASAdminstriators group can sign in, but can't connect and run code
  2. Connect to Azure blob storage (with Microsoft sign-in): I followed the documentation for connecting to blob storage which suggested setting up Microsoft authentication. We followed the documentation here (https://go.documentation.sas.com/doc/en/sasadmincdc/v_056/calauthmdl/n1iyx40th7exrqn1ej8t12gfhm88.ht...) which does successfully create a user sign in which seems to function, but provides the following error.
    1.  It is unclear whether this error suggests an error on the side of Azure or SAS Viya (or Keycloak). We couldn't find any documentation to suggest how to fix this.

      The only changes made after the Azure deployment were adding additional users on keycloak and setting up the oauth.providers specified in the documentation linked above.

      Unarinen12_0-1729498770379.png

       

Reply
2 REPLIES 2
gwootton
SAS Super FREQ gwootton
SAS Super FREQ

Re: Group Membership error

Posted 10-22-2024 03:21 PM (836 views)  |   In reply to Unarinen12
In addition to logging in (authentication), you must also provide Viya with a list of users (identity provisioning).
Your authentication provider can be an LDAP server, OIDC, SAML or Kerberos.
Your identity provider can either be LDAP or SCIM.
The account identifier must match between your authentication and identity providers exactly.
The error message saying the system could not obtain group memberships means authentication was successful, but when SAS Logon Manager called the identities service to request the groups the authenticated user is a member of, this request failed, suggesting identity provisioning has not been configured.
The identities service also providers uid/gid numbers to allow users to run compute sessions.

This documentation goes into more detail on Identity Management:
https://go.documentation.sas.com/doc/en/sasadmincdc/v_057/calids/titlepage.htm
--
Greg Wootton | Principal Systems Technical Support Engineer
Reply
JuanS_OCS
Azurite | Level 17 JuanS_OCS
Azurite | Level 17

Re: Group Membership error

Posted 10-28-2024 05:29 AM (734 views)  |   In reply to Unarinen12

Hello @Unarinen12 ,

 

on top of what @gwootton , keycloack is not per-se supported by SAS. There has been some testing but it is very limited. Therefore you use it at your own risk, basically. Feel free to reach out to SAS Tech Support and Azure support, but please do note that remark.

https://communities.sas.com/t5/Administration-and-Deployment/Using-keycloak-in-managing-user-permiss...

https://communities.sas.com/t5/SAS-Viya-on-Microsoft-Azure/SAS-Viya-on-Azure-and-Azure-AD/td-p/86112...

https://github.com/sassoftware/vscode-sas-extension/issues/1198

 

Is Keycloak a component brought by you or by the SAS pay-as-you-go deployment? 


0 Likes
Reply

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Watch Get Started with SAS Information Catalog in SAS Viya on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 2 replies
  • ‎10-21-2024 04:21 AM
  • 933 views
  • 2 likes
  • 3 in conversation