BookmarkSubscribeRSS Feed
☑ This topic is solved. Need further help from the community? Please sign in and ask a new question.
alko13
Quartz | Level 8

Hi

 

We have a 9.4 and Viya 3.5 environment on Linux, we would like to setup Single Sign on on Midtier (9.4 and Viya3.5) and IWA for desktop apps. Appreciate any help to refer me to documentations to achieve this.

 

Also Is it required for the user to be able to ssh to the linux servers (like configure pam/sssd)?

 

Thanks

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
gwootton
SAS Super FREQ
The relevant documentation is below. If you want a process to be owned by the authenticating user, their user ID must be valid on the compute server and potentially the CAS host in Viya (i.e. configure PAM/SSSD), but this does not necessarily mean they need to be able to SSH to the server. Alternatively the SAS/CAS process can be owned by a shared account, but this prevents using file system authorization to be used to limit access.

SAS 9.4 Administration - Middle Tier Administration Guide - Support for Integrated Windows Authentication
https://go.documentation.sas.com/doc/en/bicdc/9.4/bimtag/p1871e69gmwdr0n1o182krslc10p.htm

SAS 9.4 Administration - Security Administration Guide - How to Configure Integrated Windows Authentication
https://go.documentation.sas.com/doc/en/bicdc/9.4/bisecag/n1d1zo1jsf2o0en1ehu4c4simfky.htm

Viya 3.5 Administration - Authentication: How-to
https://go.documentation.sas.com/doc/en/calcdc/3.5/calauthmdl/n1pkgyrtk8bp4zn1d0v1ln4869og.htm
--
Greg Wootton | Principal Systems Technical Support Engineer

View solution in original post

3 REPLIES 3
gwootton
SAS Super FREQ
The relevant documentation is below. If you want a process to be owned by the authenticating user, their user ID must be valid on the compute server and potentially the CAS host in Viya (i.e. configure PAM/SSSD), but this does not necessarily mean they need to be able to SSH to the server. Alternatively the SAS/CAS process can be owned by a shared account, but this prevents using file system authorization to be used to limit access.

SAS 9.4 Administration - Middle Tier Administration Guide - Support for Integrated Windows Authentication
https://go.documentation.sas.com/doc/en/bicdc/9.4/bimtag/p1871e69gmwdr0n1o182krslc10p.htm

SAS 9.4 Administration - Security Administration Guide - How to Configure Integrated Windows Authentication
https://go.documentation.sas.com/doc/en/bicdc/9.4/bisecag/n1d1zo1jsf2o0en1ehu4c4simfky.htm

Viya 3.5 Administration - Authentication: How-to
https://go.documentation.sas.com/doc/en/calcdc/3.5/calauthmdl/n1pkgyrtk8bp4zn1d0v1ln4869og.htm
--
Greg Wootton | Principal Systems Technical Support Engineer
alko13
Quartz | Level 8

Thanks for the reply Greg.

Just to clarify, PAM/SSSD is really not required to achieve SSO, this is just optional if we wanted the SAS process be owned by the authenticating user in 9.4 and Viya 3.5?

gwootton
SAS Super FREQ
That's correct.
--
Greg Wootton | Principal Systems Technical Support Engineer

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

CLI in SAS Viya

Learn how to install the SAS Viya CLI and a few commands you may find useful in this video by SAS’ Darrell Barton.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 3 replies
  • 481 views
  • 1 like
  • 2 in conversation