Hi all,

We are in the process of deploying SAS 9.3M2 clients in our Citrix streaming environment. Users can start their SAS clients (EG, SMC, DIS, ...) from a browser portal. This works OK but we cannot get Kerberos based IWA to work in all situations. The browser portal defaults to so-called Pass-through Authentication where the user's current Windows authentication is passed to the client. IWA however does not work in that scenario. If I use the other option called Explicit Authentication I am prompted for account name and password it does work. This is however not very useful as most users have smartcard or Securid tokens and no passwords.

I have concluded that in the pass-through situation no ticket granting ticket (TGT) is present in the streamed session. This apparently disables SAS' ability to use IWA. When explicit authentication is used a TGT is present and IWA works. I am now in the traditional catch between software provider and our IT support people who are both arguing the opposite party has to do things to make it work. I tend to believe SAS but cannot substantiate that enough.

Did anyone manage to get this working or can tell me it never will? Any ideas?

Regards, Jan.

PS: I was told the official SAS support policy on streaming presentation technology has been relaxed and SAS will now work with the customer to resolve issues involving this technology. We have a track open with SAS support but I think an inquiry within the community can still help.