Watch this Ask the Expert session to learn the various techniques to connect to SAS Viya.
To access SAS data, services and APIs from outside SAS, you must first log in. This requires registering clients and creating access tokens to allow authentication to and authorization of SAS. Watch this webinar to learn:
The questions from the Q&A segment held at the end of the webinar are listed below and the slides from the webinar are attached.
Q&A
If there are already existing client_ids, can they be used instead of creating a new client?
Out of the box, SAS Viya is not configured with any public Client ID. Client IDs need to be created/configured by a SAS Administrator, following the documented procedures. Once a client is created, it does not expire, unless revoked by the admin.
How do I access SAS Viya on demand via Windows 10?
There is no option to access SAS Viya APIs using SAS On Demand for Academics (SODA), so authentication via OAuth is not an option. SAS OnDemand for Academics is accessed via a web browser, regardless of your OS. Once registered for SODA, you receive a URL. You log into the environment using your SAS profile credentials. You have the option of accessing SAS via SAS Studio or SASPy.
Is it possible to send the curl program language during this webinar?
Sure. All the curl commands used in during the webinar are in the Appendix of the presentation, which is available on the Ask the Expert Communities page. We’ll also be publishing a new version of the Getting Started with SAS Viya REST APIs page which will have the curl commands as well as in other languages.
How can I integrate OAuth 2.0 with SAML?
OAuth and SAML cohabitate,but are independent of one another. To the Viya APIs, SASLogon provides OAuth 2.0 services. The OAuth 2.0 spec does not stipulate how the server should authenticate users. This diagram kind of shows where things lie:
IDP ---- SAML --- SASLogon ---- OAuth ---- Viya APIs
In a SAS environment configured for SAML, using the procedures outlined in the webinar, SASLogon would use the provided information to authenticate against the SAML configuration and grant access to the resource server for authorization. The end result is SASLogon issuing the access token.
Since SAS Viya does not authenticate passwords when configured for SSO, you'll want to use the authorization_code grant type.
Is there a way to allow Active Directory to interact with SAS Viya APIs?
In the SAS Viya Environment Manager, SASLogon is configured with everything it needs pertaining to Active Directory. When following the procedures outlined during the webinar SASLogon handles all the work for authentication and authorization. AD acts as the authentication server in this scenario and SASLogon is the connection between the client and the server.
SAS also integrates with Azure Active Directory (AAD) so that when users are authenticated with AAD, Viya can access some of their resources in AAD. AAD SSO integration provides single sign-on (SSO) across Viya and Azure. If your SAS Viya deployment uses Azure Active Directory (AAD) to authenticate, then your applications can access Azure data and APIs without any additional logins or user interaction. Access to Azure APIs will be under the user identity, so any access controls for users will be enforced by Azure.
Additionally, we are working on additional integrations with AAD so for example you can call Viya APIs from within Azure Machine Learning by using SASPy.
How does this work in a single sign on environment?
The procedures outlined in the webinar will work in a SSO SAS environment. Based on the authorization grant type choice, the client may still need to provide authentication credentials of a user during the process, if they are not already logged in.
Is the client_id (in OAuth-call) linked with the identities service in SAS (users/groups registered in identities service)?
No, the OAuth client IDs registered in Viya are not represented as identities in the identities service. The Client ID is not what you think of as a typical SAS User set up in users/groups. When the client requests access, it does so on behalf of a user/group. This is outlined on the General OAuth Flow slide in the presentation. An authorization request is initiated by the client. The resource owner (SAS user) is asked to identify themselves. SASLogon takes all this info and authenticates the user and if everything checks out, passes an authorization code back to the client.
I am using ASP.Net C# web forms using .Net Framework 4.5.2. Can I do a GET request to the SAS Viya API and pass the token so I can open the URL?
First, you will need to create an access token on SAS Viya as outlined in the webinar to make the GET requests. The language you use doesn't matter, if you can do the same requests (POST,GET...) as POSTMAN/CURL with .NET, it will work.
I would like our users to open an interactive report by bypassing the SAS logon screen. Is there a way to do that using a browser?
It’s possible to setup SAS logon with SSO so it automatically redirects to an identity provider using OIDC or SAML. This way, if the user is already signed in, they never see the login page but will be accessing the report (or whatever) as themselves.
This is also possible by setting up Guest access. This allows anonymous public access to a specific and limited set of resources or web applications. Instructions for setting up Guest access, both during and post-installation are in the SAS Documenta....
My main goal is to open a SAS report in interactive mode developed in SAS Viya by a different team by bypassing the SAS Logon Manager. How do I do this? I am from a C# background.
See answers from the previous question.
Recommended Resources
OpenID Connect Opens the Door to SAS® Viya® APIs
Authentication to SAS Viya: a couple of approaches
SAS Viya Monthly Release Highlights Video
SAS Programmer Week (Free + Virtual)
Want more tips? Be sure to subscribe to the Ask the Expert board to receive follow up Q&A, slides and recordings from other SAS Ask the Expert webinars.
Registration is now open for SAS Innovate 2025 , our biggest and most exciting global event of the year! Join us in Orlando, FL, May 6-9.
Sign up by Dec. 31 to get the 2024 rate of just $495.
Register now!
Ready to level-up your skills? Choose your own adventure.
Your Home for Learning SAS
SAS Academic Software
SAS Learning Report Newsletter
SAS Tech Report Newsletter