cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
☑ This topic is solved. Need further help from the community? Please sign in and ask a new question.
alko13
Quartz | Level 8 alko13
Quartz | Level 8
Go to Solution

Single Sign on on Midtier and Desktop Applications in Linux

Posted 02-06-2023 01:29 AM (568 views)

Hi

 

We have a 9.4 and Viya 3.5 environment on Linux, we would like to setup Single Sign on on Midtier (9.4 and Viya3.5) and IWA for desktop apps. Appreciate any help to refer me to documentations to achieve this.

 

Also Is it required for the user to be able to ssh to the linux servers (like configure pam/sssd)?

 

Thanks

 

 

0 Likes
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
gwootton
SAS Super FREQ gwootton
SAS Super FREQ

Re: Single Sign on on Midtier and Desktop Applications in Linux

Posted 02-06-2023 09:12 AM (526 views)  |   In reply to alko13
The relevant documentation is below. If you want a process to be owned by the authenticating user, their user ID must be valid on the compute server and potentially the CAS host in Viya (i.e. configure PAM/SSSD), but this does not necessarily mean they need to be able to SSH to the server. Alternatively the SAS/CAS process can be owned by a shared account, but this prevents using file system authorization to be used to limit access.

SAS 9.4 Administration - Middle Tier Administration Guide - Support for Integrated Windows Authentication
https://go.documentation.sas.com/doc/en/bicdc/9.4/bimtag/p1871e69gmwdr0n1o182krslc10p.htm

SAS 9.4 Administration - Security Administration Guide - How to Configure Integrated Windows Authentication
https://go.documentation.sas.com/doc/en/bicdc/9.4/bisecag/n1d1zo1jsf2o0en1ehu4c4simfky.htm

Viya 3.5 Administration - Authentication: How-to
https://go.documentation.sas.com/doc/en/calcdc/3.5/calauthmdl/n1pkgyrtk8bp4zn1d0v1ln4869og.htm
--
Greg Wootton | Principal Systems Technical Support Engineer

View solution in original post

0 Likes
Reply
3 REPLIES 3
gwootton
SAS Super FREQ gwootton
SAS Super FREQ

Re: Single Sign on on Midtier and Desktop Applications in Linux

Posted 02-06-2023 09:12 AM (527 views)  |   In reply to alko13
The relevant documentation is below. If you want a process to be owned by the authenticating user, their user ID must be valid on the compute server and potentially the CAS host in Viya (i.e. configure PAM/SSSD), but this does not necessarily mean they need to be able to SSH to the server. Alternatively the SAS/CAS process can be owned by a shared account, but this prevents using file system authorization to be used to limit access.

SAS 9.4 Administration - Middle Tier Administration Guide - Support for Integrated Windows Authentication
https://go.documentation.sas.com/doc/en/bicdc/9.4/bimtag/p1871e69gmwdr0n1o182krslc10p.htm

SAS 9.4 Administration - Security Administration Guide - How to Configure Integrated Windows Authentication
https://go.documentation.sas.com/doc/en/bicdc/9.4/bisecag/n1d1zo1jsf2o0en1ehu4c4simfky.htm

Viya 3.5 Administration - Authentication: How-to
https://go.documentation.sas.com/doc/en/calcdc/3.5/calauthmdl/n1pkgyrtk8bp4zn1d0v1ln4869og.htm
--
Greg Wootton | Principal Systems Technical Support Engineer
0 Likes
Reply
alko13
Quartz | Level 8 alko13
Quartz | Level 8

Re: Single Sign on on Midtier and Desktop Applications in Linux

Posted 02-07-2023 12:06 AM (498 views)  |   In reply to gwootton

Thanks for the reply Greg.

Just to clarify, PAM/SSSD is really not required to achieve SSO, this is just optional if we wanted the SAS process be owned by the authenticating user in 9.4 and Viya 3.5?

0 Likes
Reply
gwootton
SAS Super FREQ gwootton
SAS Super FREQ

Re: Single Sign on on Midtier and Desktop Applications in Linux

Posted 02-07-2023 09:12 AM (476 views)  |   In reply to alko13
That's correct.
--
Greg Wootton | Principal Systems Technical Support Engineer
Reply

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Watch Get Started with SAS Information Catalog in SAS Viya on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 3 replies
  • ‎02-06-2023 01:29 AM
  • 569 views
  • 1 like
  • 2 in conversation