Architecting, installing and maintaining your SAS environment

Same user multiple authentication domains

Accepted Solution Solved
Reply
Contributor
Posts: 28
Accepted Solution

Same user multiple authentication domains

I have two database servers that developers will access, for each database I have defined a separate authentication domain. As the servers are related they have the same username but different passwords. I can define the username 'developer' to the first authentication domain and everything works properly. The problem come in when I try to add the same user 'developer' to the second authentication domain with a separate password. I get an error that the userid is already being user by another user or group.

Does anyone know a way around this? This shouldn't be _ problem as the authentication domains are different.


Accepted Solutions
Solution
‎03-23-2013 01:41 PM
Contributor
Posts: 28

Re: Same user multiple authentication domains

The problem I am having is assigning the user name to another group. I did test Haikuo solution by putting the same user in a single group and it works properly. The problem is that users who have access in the first authentication domain shouldn't have access in the second authentication domain.

View solution in original post


All Replies
Respected Advisor
Posts: 3,124

Re: Same user multiple authentication domains

Capture.JPG

I must have hit the different spot. I have users just like the one you have, eg. need to access multiple different database with the same login ID. It worked fine for me. The posted example is showing an user(me) to have access to 3 database, 2 Oracle, 1 SQL server, using the same user ID.

Haikuo

PROC Star
Posts: 1,099

Re: Same user multiple authentication domains

I agree with Haikuo. I don't have access to the metadata server environment any more, but I did the same thing that she shows with no problem. I don't really know what to suggest, if nobody has any ideas that help you out throw it over the wall to Tech. Support. I suspect you're doing something that you're not describing that is causing the problem.

Tom

Solution
‎03-23-2013 01:41 PM
Contributor
Posts: 28

Re: Same user multiple authentication domains

The problem I am having is assigning the user name to another group. I did test Haikuo solution by putting the same user in a single group and it works properly. The problem is that users who have access in the first authentication domain shouldn't have access in the second authentication domain.

Super User
Posts: 3,113

Re: Same user multiple authentication domains

Have you tried leaving the Authentification Domain as default (DefaultAuth) and adding the domain on the front of the userid (DOMAIN1\user1,  DOMAIN2\user1) in SMC? We always define our userids this way so they only authenticate in the one domain.

Occasional Contributor
Posts: 8

Re: Same user multiple authentication domains

Hi Bream_bn,

Were you able to get it working the way you wanted it. I am in the same situation and want to add same user to a different group with a different authentication Domain. Adding same user to the same group with different authentication domain is not an option at least no tan easy one.

Super Contributor
Posts: 408

Re: Same user multiple authentication domains

Hi,

As of 9.4M2 an authentication domain can be labeled as Outbound Only. That would lift the uniqueness constraint.

From the docs (SAS(R) 9.4 Intelligence Platform: Security Administration Guide, Second Edition):

Outbound and Trusted Authentication Domains

Beginning in the second maintenance release for SAS 9.4 is support for outbound and trusted authentication domains. A login in an outbound domain is used only to provide SAS applications with seamless access to external resources, such as a third-party vendor database. These logins are not part of the SAS identity phase, which attempts to determine the current metadata user by matching their authenticated user ID to the user ID stored in a login. Therefore, for outbound domain logins, the uniqueness requirement on the user ID is not enforced. 

Regards Jan

☑ This topic is solved.

Need further help from the community? Please ask a new question.

Discussion stats
  • 6 replies
  • 1615 views
  • 4 likes
  • 6 in conversation