BookmarkSubscribeRSS Feed
EyalGonen
Lapis Lazuli | Level 10

Hi experts,

 

Question is how to force IWA from EG 8.x on Windows desktop to SAS 9.4M7 Metadata Server on Linux to automatically append the domain name to the account name (user name)?

 

Currently, when an end user opens up EG and selects to use the IWA option to connect to the Metadata Server, the username that SAS Metadata Server looks up is “username” whereas we want the SAS Metadata Server to lookup “username@domain” or "domain\username" in the list of accounts it maintains for proper identification of the end user.

 

Anyone has any idea if this is doable and how to accomplish?

 

Thanks,

Eyal

4 REPLIES 4
gwootton
SAS Super FREQ
What problem are you trying to solve? Do you have multiple users with the same userid and different domains, or a userid perhaps specified under a different authentication domain that should not be considered for authentication?

The documentation mentions using SASUSEKERBNAME when you have different users with the same user ID under different domains.

SAS 9.4 Administration - How to Configure Integrated Windows Authentication - User Logins
https://go.documentation.sas.com/doc/en/bicdc/9.4/bisecag/n1d1zo1jsf2o0en1ehu4c4simfky.htm#n15h2oxul...

SAS 9.4 Administration - Windows User ID Formats
https://go.documentation.sas.com/doc/en/bicdc/9.4/bisecag/n1xabf7u29o4lfn1l7l8ac7bfxme.htm
--
Greg Wootton | Principal Systems Technical Support Engineer
EyalGonen
Lapis Lazuli | Level 10

Hi @gwootton 

 

Thanks for replying. It is a complicated setup - don't want to bother you with the details.

The SASUSEKERBNAME option you mentioned ... will that work with SAS Metadata Server on Linux (as in this case)? Is this variable set up on the EG client?

 

 

gwootton
SAS Super FREQ
I've not used it before, but from the documentation it seems like:
- This would work with Metadata on Linux
- This is done on the server side

So, I'm thinking in your <SASConfig>/Levn/SASMeta/MetadataServer/MetadataServer_usermods.sh you would add:
export SASUSEKERBNAME=true
--
Greg Wootton | Principal Systems Technical Support Engineer
Sajid01
Meteorite | Level 14

Hello @EyalGonen 

If your objective it is to use  user@domain.com for authentication then you look for direct LDAP authentication (https://documentation.sas.com/doc/en/bicdc/9.4/bisecag/n0w8oa3erw568vn192xwf0872npk.htm).

One has manually add the user@domain while creating a user identity in the metadata server.

However according to this https://documentation.sas.com/doc/en/bicdc/9.4/bisecag/n0hc2dvantejyvn1fip0iy3iydop.htm does not support SSO.
Do read this reference, even though a bit dated but very useful. https://support.sas.com/rnd/itech/doc9/admin_oma/security/auth/security_impauthalt.html 

 

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 4 replies
  • 975 views
  • 0 likes
  • 3 in conversation