Architecting, installing and maintaining your SAS environment

How to achieve SSO on EG?

Contributor
Posts: 67

How to achieve SSO on EG?

Hi, guys

As we know, the EG client can use the Windows user login to log in to the SAS Server on Windows Server OS. Now the customer hopes that the login operation is accomplished on their own system. So SSO is needed.

Is there a way to do that on EG?

Community Manager
Posts: 2,955

Re: How to achieve SSO on EG?

You're talking about "Integrated Windows Authentication" -- yes, it's possible.  This requires some admin work on the SAS environment to configure the permissions and (perhaps) an authentication provider.  See the SAS Enterprise Guide instructions here, and follow the links within to the admin guide for more details.

Contributor
Posts: 67

Re: How to achieve SSO on EG?

Posted in reply to ChrisHemedinger

Thanks, Chris!  Let me try it.

Contributor
Posts: 67

Re: How to achieve SSO on EG?

Posted in reply to ChrisHemedinger

Hi, Chris

I have tried using IWA to log in to the SAS Server. But if the SAS Server is deployed on Machine A and the EG Client is installed on Machine B, the EG Client can't log in to the SAS Server with IWA, because the system account of Machine B is not related to Machine A. So, if the EG Client and SAS Server are installed on different machines, is there a way to do it (SSO)?

Trusted Advisor
Posts: 1,321

Re: How to achieve SSO on EG?

Hi @Slash,

Check out this blog post on SAS and IWA that might help: https://platformadmin.com/blogs/paul/2012/01/sas-and-iwa-two-hops/

Kind Regards,

Michelle

Contributor
Posts: 67

Re: How to achieve SSO on EG?

Posted in reply to MichelleHomes

Thank you!

PROC Star
Posts: 426

Re: How to achieve SSO on EG?

As long as Machine A and Machine B are either in the same Windows domain or are in domains that have a trust relationship, then you should be able to configure IWA. For more info on potential limitations have a look at the Integrated Windows Authentication section of the SAS 9.4 Intelligence Platform: Security Administration Guide.

If the Windows side of things has been configured OK, then some of the other common things that can prevent IWA logins working as expected include:

  1. Not configuring the SAS Workspace Server in metadata (using SAS Management Console) to support IWA (via Negotiate or Kerberos).
  2. Not restarting (or refreshing) the SAS Object Spawner after changing the SAS Workspace Server config in metadata.
  3. Not registering appropriate SPNs if the SAS servers are accessed using machine aliases rather than their primary host names.

When implementing IWA, it is well worth considering getting help from SAS Professional Services or a local SAS Partner. When IWA is operational it works very well, but making sure all the various platform components are configured correctly for IWA can be tricky, time consuming and involve lots of troubleshooting. Getting help from someone that already has this experience can save you a lot of time.

Contributor
Posts: 67

Re: How to achieve SSO on EG?

Posted in reply to PaulHomes

Thanks a lot. Let me try it.

Super User
Posts: 3,260

Re: How to achieve SSO on EG?

One complication you need to watch out for is if you have any EG data sources pointing to databases also using IWA. If you do then additional server security configuration will be required to enable delegation of EG IWA to the data sources.

Contributor
Posts: 67

Re: How to achieve SSO on EG?

Thanks, Kiwi!
