cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
Matt3
Quartz | Level 8 Matt3
Quartz | Level 8
Go to Solution

Sas Viya Python SWAT Connection failed. Server returned: Authentication failed: Access denied.

Posted 04-18-2019 09:45 AM (2633 views)

Hi, when I ve tried to connect to CAS, I ve received following error.

 

ERROR: Connection failed. Server returned: Authentication failed: Access denied.

 

1. I ve already set right path to  ssl cert location in env variable.

2. Credentials are proper, when I ve tried to give wrong ones I received message thant SAS logon manager can not  authenticate me.

3. Ports are opens

4. My version of SAS Viya is 3.4 which is running on Redhat 7.x

 

 

Should I ve  changed something in SAS Envinroment Manager?

What may cause the problem?

 

Thank you! 🙂 

0 Likes
1 ACCEPTED SOLUTION

Accepted Solutions
Eric_D
SAS Employee Eric_D
SAS Employee

Re: Sas Viya Python SWAT Connection failed. Server returned: Authentication failed: Access denied.

Posted 04-18-2019 10:40 AM (2617 views)  |   In reply to Matt3

So connecting to Viya via an external client....

 

That is really a three step process (0, 1, 2)

 

Step 0: Done by an administrator. They register a new 'client' with the Oauth Server known as SASLogon this requires a console token, an id (what you want your app to be known as), and a priveate key (password)

Once this is completed the Oauth server know knows that some named client can connect with some passphrase 

This is normally done only once per client, then the admin has to share this id,password with the end users who would need to connect.

 

Step 1: You try to authenticate from a client. 

So this would be you in Python, trying to connect to SASViya to authenticate and get an Oauth token that can then be leveraged in API or CAS connections. This also requires that you send a client id,password so that the Oauth server knows that the requires is coming from a valid source. 

 

Step 2: Using your Oauth token to connect to a secure resource. 

So that that you have authenticated to SASLogon and gotten an oauth token back, you can leverage that token to connect to secure resources like CAS or API endpoints. However you might not be authorized for some resources, but that is another post entirely. 

 

This is broken down really well here with examples: https://developer.sas.com/reference/auth/

 

In this example they create a new registered client in the Oauth server called 'app', with some "client_secret" (the password/key/whatever you want to call it)

 

Then they use that to authenticate to Viya with 

curl -X POST "https://server.example.com/SASLogon/oauth/token" \
      -H "Content-Type: application/x-www-form-urlencoded" \
      -d "grant_type=password&username=<user-id>&password=<password>" \
      -u "app:mysecret"

Where they use -u on the post with the 'app:password' that was registered in what I would call step 0. And what they get back is the oauth token they then leverage in an API call or CAS connection 

View solution in original post

0 Likes
4 REPLIES 4
Eric_D
SAS Employee Eric_D
SAS Employee

Re: Sas Viya Python SWAT Connection failed. Server returned: Authentication failed: Access denied.

Posted 04-18-2019 10:40 AM (2618 views)  |   In reply to Matt3

So connecting to Viya via an external client....

 

That is really a three step process (0, 1, 2)

 

Step 0: Done by an administrator. They register a new 'client' with the Oauth Server known as SASLogon this requires a console token, an id (what you want your app to be known as), and a priveate key (password)

Once this is completed the Oauth server know knows that some named client can connect with some passphrase 

This is normally done only once per client, then the admin has to share this id,password with the end users who would need to connect.

 

Step 1: You try to authenticate from a client. 

So this would be you in Python, trying to connect to SASViya to authenticate and get an Oauth token that can then be leveraged in API or CAS connections. This also requires that you send a client id,password so that the Oauth server knows that the requires is coming from a valid source. 

 

Step 2: Using your Oauth token to connect to a secure resource. 

So that that you have authenticated to SASLogon and gotten an oauth token back, you can leverage that token to connect to secure resources like CAS or API endpoints. However you might not be authorized for some resources, but that is another post entirely. 

 

This is broken down really well here with examples: https://developer.sas.com/reference/auth/

 

In this example they create a new registered client in the Oauth server called 'app', with some "client_secret" (the password/key/whatever you want to call it)

 

Then they use that to authenticate to Viya with 

curl -X POST "https://server.example.com/SASLogon/oauth/token" \
      -H "Content-Type: application/x-www-form-urlencoded" \
      -d "grant_type=password&username=<user-id>&password=<password>" \
      -u "app:mysecret"

Where they use -u on the post with the 'app:password' that was registered in what I would call step 0. And what they get back is the oauth token they then leverage in an API call or CAS connection 

0 Likes
Matt3
Quartz | Level 8 Matt3
Quartz | Level 8

Re: Sas Viya Python SWAT Connection failed. Server returned: Authentication failed: Access denied.

Posted 04-18-2019 12:35 PM (2610 views)  |   In reply to Eric_D

I found out that via SWAT I can not create new cas session. When I connect to session that already exists (started in sas studio) everything works fine.

0 Likes
Eric_D
SAS Employee Eric_D
SAS Employee

Re: Sas Viya Python SWAT Connection failed. Server returned: Authentication failed: Access denied.

Posted 04-18-2019 03:19 PM (2596 views)  |   In reply to Matt3

So I would think you should be able to create a new session as well, but would need more information. 

0 Likes
Matt3
Quartz | Level 8 Matt3
Quartz | Level 8

Re: Sas Viya Python SWAT Connection failed. Server returned: Authentication failed: Access denied.

Posted 04-18-2019 12:46 PM (2607 views)  |   In reply to Eric_D

Thank you! parameter app='AppName' in CAS connection function was also needed.

0 Likes

sas-innovate-2024.png

Available on demand!

Missed SAS Innovate Las Vegas? Watch all the action for free! View the keynotes, general sessions and 22 breakouts on demand.

 

Register now!

Mastering the WHERE Clause in PROC SQL

SAS' Charu Shankar shares her PROC SQL expertise by showing you how to master the WHERE clause using real winter weather data.

Watch Mastering the WHERE Clause in PROC SQL on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 4 replies
  • ‎04-18-2019 09:45 AM
  • 2634 views
  • 0 likes
  • 2 in conversation