BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
Chery
Obsidian | Level 7

Hi Guys,

 

Can someone help me on SAS ( 9.4 DI, Viya) authentication process? I am quite confused with all the below questions.

 

What is OpenLDAP? What is AD ( active directory)

What is SSD/PAM ? 

What is relation between OpenLDAP and SSD/PAM?

What is local ID's ? and what is domain ID's?

How SAS 9.4 ( DI ) authenticates and SAS Viya authentication process?

How to integrate SSO to SAS 9.4 ( DI ) and SAS Viya?

 

 

Much appreciate your answers in lehman terminology rather than so many url links.

Thanks in advance.

 

Stay safe.

 

Thanks,

Cherry.

 

 

 

 

 

 

 

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
JuanS_OCS
Amethyst | Level 16

Hi @Chery / Cherry,

 

I can help with some really high level explanations, to help you put yourself on the rails.

 

For further information, you might need to google, ask an expert or to go through the documentation in SAS and IT, that explain all of this in detail. Let me get myself started.

 

Every company needs a repository where all users, passwords, groups and other information are stored, and many resources, such as servers or PCs will be querying this repository in order to authenticate users or enforce certain policies. On Windows environments this is the Active Directory, and on Linux systems ou have OpenLDAP and others. LDAP is the protocol used for servers and PCs to connect to this repository.

 

PAM is a module on Linux that would allow Linux machines to use different authentication methods to authenticate. 

SSSD is a service, that can be plugged into PAM, that allows the authentication to Active Directory or any LDAP server.

 

User IDs (UID) and Usergroup IDs (GID) are necessary on every system. The domain ones will be defined on one of those company repositories, such as AD or LDAP, and their scope can be as broad as the company is. The local ones are defined on the server or PCs, and their scope is just that server or PC.

 

How SAS 9.4 ( DI ) authenticates and SAS Viya authentication process? -- This is too broad, as there are different authentication mechanisms for every tier. Here I suggest you to review the documentation. In SAS 9.4 the main authentication mechanism is Host Authentication (which allows also to authenticate against AD or LDAP depending on configuration), but you have more methods, such as Web Authentication. In SAS Viya the main authentication is LDAP and OAuth, but you have many more.

 

How to integrate SSO to SAS 9.4 ( DI ) and SAS Viya? -- This is even broader, you are asking for how-to guides. You do need to refer to the SAS documentation. Single Sign On have different ways to be applied as well: NTLM, Kerberos, SAML, etc.

 

Looking at the nature of your questions, I would highly recommend you to get the support of a Subject Matter Expert. Perhaps it would be a good idea for you to contact your SAS representative or a SAS partner.

 

In any case, thanks a lot for your question, it is a good one, I am sure others will see themselves with similar questions, therefore it is a good opportunity to provide some initial guidance. Really appreciated.

 

I hope it can help you a bit. If you have more questions, please do not hesitate to share, we are here to help each other!

 

You too, stay healthy.

Best regards,

Juan

 

 

View solution in original post

5 REPLIES 5
JuanS_OCS
Amethyst | Level 16

Hi @Chery / Cherry,

 

I can help with some really high level explanations, to help you put yourself on the rails.

 

For further information, you might need to google, ask an expert or to go through the documentation in SAS and IT, that explain all of this in detail. Let me get myself started.

 

Every company needs a repository where all users, passwords, groups and other information are stored, and many resources, such as servers or PCs will be querying this repository in order to authenticate users or enforce certain policies. On Windows environments this is the Active Directory, and on Linux systems ou have OpenLDAP and others. LDAP is the protocol used for servers and PCs to connect to this repository.

 

PAM is a module on Linux that would allow Linux machines to use different authentication methods to authenticate. 

SSSD is a service, that can be plugged into PAM, that allows the authentication to Active Directory or any LDAP server.

 

User IDs (UID) and Usergroup IDs (GID) are necessary on every system. The domain ones will be defined on one of those company repositories, such as AD or LDAP, and their scope can be as broad as the company is. The local ones are defined on the server or PCs, and their scope is just that server or PC.

 

How SAS 9.4 ( DI ) authenticates and SAS Viya authentication process? -- This is too broad, as there are different authentication mechanisms for every tier. Here I suggest you to review the documentation. In SAS 9.4 the main authentication mechanism is Host Authentication (which allows also to authenticate against AD or LDAP depending on configuration), but you have more methods, such as Web Authentication. In SAS Viya the main authentication is LDAP and OAuth, but you have many more.

 

How to integrate SSO to SAS 9.4 ( DI ) and SAS Viya? -- This is even broader, you are asking for how-to guides. You do need to refer to the SAS documentation. Single Sign On have different ways to be applied as well: NTLM, Kerberos, SAML, etc.

 

Looking at the nature of your questions, I would highly recommend you to get the support of a Subject Matter Expert. Perhaps it would be a good idea for you to contact your SAS representative or a SAS partner.

 

In any case, thanks a lot for your question, it is a good one, I am sure others will see themselves with similar questions, therefore it is a good opportunity to provide some initial guidance. Really appreciated.

 

I hope it can help you a bit. If you have more questions, please do not hesitate to share, we are here to help each other!

 

You too, stay healthy.

Best regards,

Juan

 

 

Chery
Obsidian | Level 7
Thank you Juan... Much appreciated your answer.
Chery
Obsidian | Level 7

Hi Juan,

I have few more questions in my mind too...

1. Once OpenLDAP installed and configured on Linux system for SAS authentication, can we also integrate with AD ( since AD is windows environment)? is this feasible?

2. OpenLDAP is a protocol not a directory, so does it has to be dependent on any directory to retrieve userid's and passwords?

 

Appreciate your help.

 

Staysafe.

 

Regards,

Cherry.

 

JuanS_OCS
Amethyst | Level 16

Hi @Chery 

 

don;t worry for this. On Windows SAS 9.4 will use automatically the Active Directory, and in SAS Viya you will need to make a normal LDAP connection. No need to worry much for the details at this stage.

Chery
Obsidian | Level 7

Hi Juan,

 

In my current environment SAS 9.4(DI, EG) and SAS Viya both resides on Linux. We do not have Windows environment.

 

 

Thanks & Regards,

Koti.

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 5 replies
  • 1452 views
  • 5 likes
  • 2 in conversation