cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
krusader
Fluorite | Level 6 krusader
Fluorite | Level 6
Go to Solution

Bypass STP Login Screen Using Hard-Coded Credentials

Posted 04-12-2017 07:56 PM (1423 views)

Is there a way to hard-code _username and _password macro variables in a stored process to be passed as login credentials when executed from SAS Stored Process Web?

 

For testing purposes I'm trying to execute my stored process from a link like this, and to have the hard-coded credentials in the program do the authentication:

http://server-name.com:8080/SASStoredProcess/do?_program=/path/to/program

 

I've spent a lot of time researching and I've seen how input parameters can be specified in the URL, so I'm not looking for that. I am wondering if the program code itself can do the authentication.

0 Likes
1 ACCEPTED SOLUTION

Accepted Solutions
boemskats
Lapis Lazuli | Level 10 boemskats
Lapis Lazuli | Level 10

Re: Bypass STP Login Screen Using Hard-Coded Credentials

Posted 04-17-2017 09:43 AM (1555 views)  |   In reply to krusader

Hi,

 

This is not possible. Your client browser must make a POST request with the user/pass to the /SASLogon app in order to retrieve a session ID to make the SASStoredProcess web app happy to talk to it. The SPWA doesn't / can't deal with auth stuff directly.

 

If this is a requirement you should seriously consider Configuring anonymous access for the SAS® Stored Process Web Application, and then limiting the STPs the anonymous users are able to execute by restricting the webanon@saspw metadata user.

 

Nik

View solution in original post

2 REPLIES 2
boemskats
Lapis Lazuli | Level 10 boemskats
Lapis Lazuli | Level 10

Re: Bypass STP Login Screen Using Hard-Coded Credentials

Posted 04-17-2017 09:43 AM (1556 views)  |   In reply to krusader

Hi,

 

This is not possible. Your client browser must make a POST request with the user/pass to the /SASLogon app in order to retrieve a session ID to make the SASStoredProcess web app happy to talk to it. The SPWA doesn't / can't deal with auth stuff directly.

 

If this is a requirement you should seriously consider Configuring anonymous access for the SAS® Stored Process Web Application, and then limiting the STPs the anonymous users are able to execute by restricting the webanon@saspw metadata user.

 

Nik

sas-innovate-2024.png

Available on demand!

Missed SAS Innovate Las Vegas? Watch all the action for free! View the keynotes, general sessions and 22 breakouts on demand.

 

Register now!

How to Concatenate Values

Learn how use the CAT functions in SAS to join values from multiple variables into a single value.

Watch How to Concatenate Values on YouTube

Find more tutorials on the SAS Users YouTube channel.

Click image to register for webinarClick image to register for webinar

Classroom Training Available!

Select SAS Training centers are offering in-person courses. View upcoming courses for:

View all other training opportunities.

Discussion stats
  • 2 replies
  • ‎04-12-2017 07:56 PM
  • 1424 views
  • 2 likes
  • 3 in conversation