BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
Saikrishna979
Obsidian | Level 7

Our SAS VA located on UNIX Environment. currently we are using AD for authenticate a group of people(Eg: UK users). Another group(Eg: US users) of users need authenticate and access the SAS applications, But they are not present in current AD that we are using and present in a LDAP server. So, is this possible to implement both the authentication processes in sasv9_usermods.cfg (both AD and LDAP)?

As like.

/*-----------------Active Directory Authentication---------------------- */
/* Environment variables that describe your Active Directory server */ -set AD_HOST myhost /* Define authentication provider */ -authpd ADIR:mycomapny.com -primpd mycompany.com

/*------------------------LDAP Authentication--------------------------- */
/* Environment variables that describe your LDAP server */
-set LDAP_HOST myhost
-set LDAP_BASE "ou=emp, o=us"
/* Define authentication provider */
-authpd LDAP:mycompany.com
-primpd aus.mycompany.com

 

or is there any other way to achieve this? please suggest.

 

 

Thanks in advance

1 ACCEPTED SOLUTION

Accepted Solutions
PaulHomes
Rhodochrosite | Level 12

Have you tried this?

 

-authpd (ADIR:mydomain LDAP:mycompany.com)

 

For more info see the documentation for the AUTHPROVIDERDOMAIN System Option

View solution in original post

6 REPLIES 6
PaulHomes
Rhodochrosite | Level 12

See the How to Configure Direct LDAP Authentication, Multiple LDAP Servers section in the SAS 9.4 Intelligence Platform: Security Administration Guide.

 

You could also talk to your sysadmin about the possibility of configuring your UNIX platform for authentication against multiple providers and just leave SAS to do host authentication.

Saikrishna979
Obsidian | Level 7

Dear @PaulHomes,

 

thanks for your reply.

 

"You could also talk to your sysadmin about the possibility of configuring your UNIX platform for authentication against multiple providers and just leave SAS to do host authentication". could you please elaborate this point in more detail?

 

 

PaulHomes
Rhodochrosite | Level 12

I mean that you could consider shifting the burden of authenticating users across multiple providers from the SAS platform layer to the operating system platform layer. If you can configure the UNIX server, where your metadata server runs, to authenticate against multiple providers (and it is appropriately aligned with your IT security policies) then SAS can be configured for simple host authentication. An example could be using SSSD with multiple domains.

 

Another possibility with VA is to shift the authentication to the mid-tier, where there are many authentication configuration options, then use (Trusted) Web Authentication possibly in combination with SAS Token Authenticaiton. Have a read through the Authentication Mechanisms section of the SAS 9.4 Intelligence Platform: Security Administration Guide for more background. You may also find the following papers and resources provide you with more ideas: 

 

Since there are lots of options around authentication, without an understanding of your environment, SAS product mix, and business requirements it is hard to give specific advice. I would suggest contacting SAS Professional Services or a SAS Partner in your local region if you need more in-depth assistance.

Saikrishna979
Obsidian | Level 7

Dear @PaulHomes,

 

We are currently using direct active directory authentication model. So my only question now is, is it possible to authenticate sas with both Active Directory and IBM Directory server at the same time. I have read http://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#n0w8oa3erw568vn192...
which mentions that multiple LDAP servers can be configured. I would like to know if we can configure in such a way that the AD and IBM LDAP server both can be used as authentication providers in the same sas machine.

 

I have also raised a ticket with technical support regarding this. I would like to understand this topic before sas support contact me. Hence the repeated questions.

 

 

Thank you

PaulHomes
Rhodochrosite | Level 12

Have you tried this?

 

-authpd (ADIR:mydomain LDAP:mycompany.com)

 

For more info see the documentation for the AUTHPROVIDERDOMAIN System Option

Saikrishna979
Obsidian | Level 7

@PaulHomes Thanks a lot for your kind support, we are proccedding for test with -authpd (ADIR:mydomain LDAP:mycompany.com).

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 6 replies
  • 8922 views
  • 7 likes
  • 2 in conversation