Solved: Re: sas-viya auth login

RexDeus9 · Posted 02-19-2023 12:07 PM

Hi,

I want to use the 'sas-viya' CLI tool with Viya 21-##-##. I've set the trusted certificate (copied from the sas-logon pod) and a valid sas user, I get 'Login failed. Bad userid or password'.

While trying the documented 'sas-viya --insecure auth login', which bypasses the TLS auth, I still can't connect.

Attached is the output I get using: sas-viya --insecure auth login --verbose

Any clues appreciated. Thx.

RexDeus9 · Posted 02-22-2023 09:46 AM

Thank you for the replies provided. I was able resolved the issue with the following:

sas-admin profile init

Enter: http://sasserver.demo.sas.com

*** RESET TOKEN ***

sas-admin --verbose --profile Default -k auth login

Enter <UserID>/<Password>

All is good!

View solution in original post

DavidHD · Posted 02-19-2023 12:32 PM

Hi,

do you by chance have a URL special character in your password? If so please URL encode it and try to authenticate again.

RexDeus9 · Posted 02-19-2023 01:54 PM

Hi David,

Thank you for such a quick reply. No, I don't have URL special character, it's the very common 'Orion123'. I don't understand why we are provided with the '-k' and '--insecure' arguments to bypass TLS, but it doesn't.

gwootton · Posted 02-20-2023 08:57 AM

How are you determining the --insecure, -k option is not bypassing TLS validation?

From your screenshot you've provided the URL as http not https, and --verbose should be before "auth login"

--
Greg Wootton | Principal Systems Technical Support Engineer

RexDeus9 · Posted 02-20-2023 09:09 AM

Hi,

Yes thank you, I corrected the '--verbose' argument afterwards (did not update the screen shot), and still no luck.

Using '-k' (or --insecure) still ask you for the userid/password.

gwootton · Posted 02-20-2023 09:11 AM

Are you expecting it not to ask for your user ID and password? That should happen when you run auth login.

--
Greg Wootton | Principal Systems Technical Support Engineer

sangavis37 · Posted 02-20-2023 03:34 AM

This is what I normally do and it always works for me
export SSL_CERT_FILE=/opt/sas/viya/config/etc/SASSecurityCertificateFramework/cacerts/trustedcerts.pem
/opt/sas/viya/home/bin/sas-admin profile set-endpoint "<url>"
/opt/sas/viya/home/bin/sas-admin profile toggle-color off
/opt/sas/viya/home/bin/sas-admin profile set-output fulljson
/opt/sas/viya/home/bin/sas-admin auth login --user '<user>' --password '<password>'

RexDeus9 · Posted 02-20-2023 08:53 AM

Hi,

Please read carefully, I'm using 'sas-viya' CLI tool, not 'sas-admin', which is intended for Viya 3.x, while 'sas-viya' is for Viya 21xx-xx and above.

Thank you.

gwootton · Posted 02-20-2023 09:02 AM

sas-viya and sas-admin work very similarly. If you have the certificate from sas-logon-app pod you can specify it in the environment variable SSL_CERT_FILE. The other commands mentioned are also valid with the sas-viya command.

Command-Line Interface: Preliminary Instructions
https://go.documentation.sas.com/doc/en/sasadmincdc/v_037/calcli/n1e2dehluji7jon1gk69yggc6i28.htm

--
Greg Wootton | Principal Systems Technical Support Engineer

doug_sas · Posted 02-20-2023 09:03 AM

TLS/SSL is not your problem. Also, @sangavis37 's commands will work if you replace sas-admin with sas-viya.

Is the endpoint URL you are going to correct? http://sasserver.demo.sas.com does not exist according to my browser.

DavidHD · Posted 02-20-2023 09:34 AM

The -k/--insecure mean that the certificate validation step is skipped.

I would suggest trying to ping the server (http://sasserver.demo.sas.com) from the command line and make sure that you get something in return.

Next try logging in using:

sas-viya -k auth login -u sas -p Orion123

RexDeus9 · Posted 02-22-2023 09:46 AM

Thank you for the replies provided. I was able resolved the issue with the following:

sas-admin profile init

Enter: http://sasserver.demo.sas.com

*** RESET TOKEN ***

sas-admin --verbose --profile Default -k auth login

Enter <UserID>/<Password>

All is good!