cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed

How Do I Authenticate to SAS Viya?

Started ‎08-12-2021 by
Modified ‎08-19-2021 by
Views 5,454
Ask the Expert - How Do I Authenticate to SAS Viya.pdf

Watch this Ask the Expert session to learn the various techniques to connect to SAS Viya. 

Watch the webinar

Authenticate to SAS Viya.jpg

To access SAS data, services and APIs from outside SAS, you must first log in. This requires registering clients and creating access tokens to allow authentication to and authorization of SAS. Watch this webinar to learn:

  • The basics of OAuth, the industry-standard protocol used to get access to protected data from an application.
  • How SAS Viya uses these standards, with a demonstration of how developers and administrators can use simple commands such as curl to authenticate and access SAS Viya APIs.
  • How to connect to SAS from various open source languages and technologies such as Postman and Jupyter Notebook.

The questions from the Q&A segment held at the end of the webinar are listed below and the slides from the webinar are attached.

 

Q&A

If there are already existing client_ids, can they be used instead of creating a new client?

Out of the box, SAS Viya is not configured with any public Client ID. Client IDs need to be created/configured by a SAS Administrator, following the documented procedures. Once a client is created, it does not expire, unless revoked by the admin.

 

How do I access SAS Viya on demand via Windows 10?

There is no option to access SAS Viya APIs using SAS On Demand for Academics (SODA), so authentication via OAuth is not an option. SAS OnDemand for Academics is accessed via a web browser, regardless of your OS. Once registered for SODA, you receive a URL. You log into the environment using your SAS profile credentials. You have the option of accessing SAS via SAS Studio or SASPy.

 

Is it possible to send the curl program language during this webinar?

Sure. All the curl commands used in during the webinar are in the Appendix of the presentation, which is available on the Ask the Expert Communities page. We’ll also be publishing a new version of the Getting Started with SAS Viya REST APIs page which will have the curl commands as well as in other languages.

 

How can I integrate OAuth 2.0 with SAML?

OAuth and SAML cohabitate,but are independent of one another. To the Viya APIs, SASLogon provides OAuth 2.0 services.  The OAuth 2.0 spec does not stipulate how the server should authenticate users. This diagram kind of shows where things lie:

 

IDP ---- SAML ---  SASLogon ----  OAuth ---- Viya APIs 

 

In a SAS environment configured for SAML, using the procedures outlined in the webinar, SASLogon would use the provided information to authenticate against the SAML configuration and grant access to the resource server for authorization. The end result is SASLogon issuing the access token.

 

Since SAS Viya does not authenticate passwords when configured for SSO, you'll want to use the authorization_code grant type.

 

Is there a way to allow Active Directory to interact with SAS Viya APIs?

In the SAS Viya Environment Manager, SASLogon is configured with everything it needs pertaining to Active Directory. When following the procedures outlined during the webinar SASLogon handles all the work for authentication and authorization. AD acts as the authentication server in this scenario and SASLogon is the connection between the client and the server.

 

SAS also integrates with Azure Active Directory (AAD) so that when users are authenticated with AAD, Viya can access some of their resources in AAD. AAD SSO integration provides single sign-on (SSO) across Viya and Azure. If your SAS Viya deployment uses Azure Active Directory (AAD) to authenticate, then your applications can access Azure data and APIs without any additional logins or user interaction. Access to Azure APIs will be under the user identity, so any access controls for users will be enforced by Azure.


Additionally, we are working on additional integrations with AAD so for example you can call Viya APIs from within Azure Machine Learning by using SASPy.

 

How does this work in a single sign on environment?

The procedures outlined in the webinar will work in a SSO SAS environment. Based on the authorization grant type choice, the client may still need to provide authentication credentials of a user during the process, if they are not already logged in.

 

Is the client_id (in OAuth-call) linked with the identities service in SAS (users/groups registered in identities service)?

No, the OAuth client IDs registered in Viya are not represented as identities in the identities service. The Client ID is not what you think of as a typical SAS User set up in users/groups. When the client requests access, it does so on behalf of a user/group. This is outlined on the General OAuth Flow slide in the presentation. An authorization request is initiated by the client. The resource owner (SAS user) is asked to identify themselves. SASLogon takes all this info and authenticates the user and if everything checks out, passes an authorization code back to the client.

 

I am using ASP.Net C# web forms using .Net Framework 4.5.2. Can I do a GET request to the SAS Viya API and pass the token so I can open the URL?

First, you will need to create an access token on SAS Viya as outlined in the webinar to make the GET requests. The language you use doesn't matter, if you can do the same requests (POST,GET...) as POSTMAN/CURL with .NET, it will work.

 

I would like our users to open an interactive report by bypassing the SAS logon screen. Is there a way to do that using a browser?

It’s possible to setup SAS logon with SSO so it automatically redirects to an identity provider using OIDC or SAML. This way, if the user is already signed in, they never see the login page but will be accessing the report (or whatever) as themselves.

 

This is also possible by setting up Guest access. This allows anonymous public access to a specific and limited set of resources or web applications. Instructions for setting up Guest access, both during and post-installation are in the SAS Documenta....

 

My main goal is to open a SAS report in interactive mode developed in SAS Viya by a different team by bypassing the SAS Logon Manager. How do I do this? I am from a C# background.

See answers from the previous question.

 

Recommended Resources

SAS Developer Portal

Developer Community

OpenID Connect Opens the Door to SAS® Viya® APIs

Authentication to SAS Viya: a couple of approaches

SAS Viya Monthly Release Highlights Video

SAS Programmer Week (Free + Virtual)

 

Want more tips? Be sure to subscribe to the Ask the Expert board to receive follow up Q&A, slides and recordings from other SAS Ask the Expert webinars.  

Version history
Last update:
‎08-19-2021 09:22 AM
Updated by:
Community Manager
Contributors

sas-innovate-2024.png

Available on demand!

Missed SAS Innovate Las Vegas? Watch all the action for free! View the keynotes, general sessions and 22 breakouts on demand.

 

Register now!

Click image to register for webinarClick image to register for webinar

Classroom Training Available!

Select SAS Training centers are offering in-person courses. View upcoming courses for:

View all other training opportunities.

Article Labels
Article Tags