cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
YvetteS
Calcite | Level 5 YvetteS
Calcite | Level 5

Re: SAS Viya 3.3 Cannot Authenticate Users

Posted 09-13-2018 02:22 PM (1104 views)  |   In reply to alexal

Hi Alexal

 

Well I am pleased to report that we resolved issue without engaging the consultants.  You were absolutely correct, a certificate on our LDAP had expired and was replaced.  We copied the new certificate onto the Linux SAS server.  Excellent news.

 

So that being said, we never had this issue in VA or SAS 9.4 on our old install, seems to be new with our recent Viya install, so we noticed that the certificate we just applied expires January 2019.  We are assuming this issue will occur again then, we don't appear to get any warning about this certificate expiring, maybe I should see if IT can add some sort of alert to our SAS administrator.

 

Thanks so much for your support and quick replies on this issue, greatly appreciated.

0 Likes
alexal
SAS Employee alexal
SAS Employee

Re: SAS Viya 3.3 Cannot Authenticate Users

Posted 09-13-2018 02:29 PM (5591 views)  |   In reply to YvetteS

@YvetteS,

 

You are welcome. I'm glad that the problem has been resolved.

 

Well I am pleased to report that we resolved issue without engaging the consultants.  You were absolutely correct, a certificate on our LDAP had expired and was replaced.  We copied the new certificate onto the Linux SAS server.  Excellent news.

 

So that being said, we never had this issue in VA or SAS 9.4 on our old install, seems to be new with our recent Viya install, so we noticed that the certificate we just applied expires January 2019.  We are assuming this issue will occur again then, we don't appear to get any warning about this certificate expiring, maybe I should see if IT can add some sort of alert to our SAS administrator.

0 Likes
YvetteS
Calcite | Level 5 YvetteS
Calcite | Level 5

Re: SAS Viya 3.3 Cannot Authenticate Users

Posted 12-21-2018 11:03 AM (1036 views)  |   In reply to alexal

HI There

 

We are experiencing this issue again today, however this time our LDAP SSL certificate in active directory has not expired?  Any suggestions?

0 Likes
alexal
SAS Employee alexal
SAS Employee

Re: SAS Viya 3.3 Cannot Authenticate Users

Posted 12-21-2018 11:12 AM (1031 views)  |   In reply to YvetteS

@YvetteS,

 

Have you had a chance to check the most recent log file in /opt/sas/viya/config/var/log/saslogon/default/? Do you see any errors?

0 Likes
YvetteS
Calcite | Level 5 YvetteS
Calcite | Level 5

Re: SAS Viya 3.3 Cannot Authenticate Users

Posted 12-21-2018 11:30 AM (1027 views)  |   In reply to alexal

IT is telling me it appears to be Java certificates this time?

0 Likes
YvetteS
Calcite | Level 5 YvetteS
Calcite | Level 5

Re: SAS Viya 3.3 Cannot Authenticate Users

Posted 12-21-2018 11:42 AM (1021 views)  |   In reply to YvetteS

Msg from log file is: unable to find valid certification path to requested target

 

(target being ldaps service on DC)

 

I have verified cert in question on DC has not renewed yet. Have also verified that the DC cert has been added to both trustedcerts.pem and the trustedcerts.jks keystore.

 

Wondering if it is possible that the saslogon service is initializing with a different keystore.

0 Likes
YvetteS
Calcite | Level 5 YvetteS
Calcite | Level 5

Re: SAS Viya 3.3 Cannot Authenticate Users

Posted 12-21-2018 11:45 AM (1020 views)  |   In reply to YvetteS

I have found another location containing those files:

 

/opt/sas/yiva/home/SASSecurityCertificateFramework/cacerts

 

So the question is which does viya use? If it is the above, this could be the issue.

0 Likes
YvetteS
Calcite | Level 5 YvetteS
Calcite | Level 5

Re: SAS Viya 3.3 Cannot Authenticate Users

Posted 12-21-2018 11:55 AM (1012 views)  |   In reply to YvetteS

Found the java config opts it is pointing to:

 

/opt/sas/viya/config/etc/SASSecurityCertificateFramework/cacerts/trustedcerts.jks

 

These are messages from our IT partner - anyone have any ideas for troubleshooting?

0 Likes

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Watch Get Started with SAS Information Catalog in SAS Viya on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 22 replies
  • ‎09-13-2018 10:39 AM
  • 4602 views
  • 1 like
  • 2 in conversation