cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
krusader
Fluorite | Level 6 krusader
Fluorite | Level 6
Go to Solution

Bypass STP Login Screen Using Hard-Coded Credentials

Posted 04-12-2017 07:56 PM (1777 views)

Is there a way to hard-code _username and _password macro variables in a stored process to be passed as login credentials when executed from SAS Stored Process Web?

 

For testing purposes I'm trying to execute my stored process from a link like this, and to have the hard-coded credentials in the program do the authentication:

http://server-name.com:8080/SASStoredProcess/do?_program=/path/to/program

 

I've spent a lot of time researching and I've seen how input parameters can be specified in the URL, so I'm not looking for that. I am wondering if the program code itself can do the authentication.

0 Likes
1 ACCEPTED SOLUTION

Accepted Solutions
boemskats
Lapis Lazuli | Level 10 boemskats
Lapis Lazuli | Level 10

Re: Bypass STP Login Screen Using Hard-Coded Credentials

Posted 04-17-2017 09:43 AM (1909 views)  |   In reply to krusader

Hi,

 

This is not possible. Your client browser must make a POST request with the user/pass to the /SASLogon app in order to retrieve a session ID to make the SASStoredProcess web app happy to talk to it. The SPWA doesn't / can't deal with auth stuff directly.

 

If this is a requirement you should seriously consider Configuring anonymous access for the SAS® Stored Process Web Application, and then limiting the STPs the anonymous users are able to execute by restricting the webanon@saspw metadata user.

 

Nik

View solution in original post

2 REPLIES 2
boemskats
Lapis Lazuli | Level 10 boemskats
Lapis Lazuli | Level 10

Re: Bypass STP Login Screen Using Hard-Coded Credentials

Posted 04-17-2017 09:43 AM (1910 views)  |   In reply to krusader

Hi,

 

This is not possible. Your client browser must make a POST request with the user/pass to the /SASLogon app in order to retrieve a session ID to make the SASStoredProcess web app happy to talk to it. The SPWA doesn't / can't deal with auth stuff directly.

 

If this is a requirement you should seriously consider Configuring anonymous access for the SAS® Stored Process Web Application, and then limiting the STPs the anonymous users are able to execute by restricting the webanon@saspw metadata user.

 

Nik

SAS Innovate 2025: Save the Date

 SAS Innovate 2025 is scheduled for May 6-9 in Orlando, FL. Sign up to be first to learn about the agenda and registration!

Save the date!

How to Concatenate Values

Learn how use the CAT functions in SAS to join values from multiple variables into a single value.

Watch How to Concatenate Values on YouTube

Find more tutorials on the SAS Users YouTube channel.

SAS Training: Just a Click Away

 Ready to level-up your skills? Choose your own adventure.

Browse our catalog!

Discussion stats
  • 2 replies
  • ‎04-12-2017 07:56 PM
  • 1778 views
  • 2 likes
  • 3 in conversation