cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed

SAS Viya LTS 2025.09 Kerberos for SAS Logon Manager

Started ‎12-03-2025 by
Modified ‎12-03-2025 by
Views 679

The details for how you configure Kerberos authentication for SAS Logon Manager are changing with the SAS Viya LTS 2025.09 release. This originally changed in the SAS Viya Stable 2025.08 release. The change is minor and does not impact anyone upgrading to these releases or later versions. The change only impacts people configuring Kerberos with SAS Logon Manager on these releases or later versions.


 

Now, when you configure Kerberos with SAS Logon Manager you need to edit a configuration.env file instead of the configmaps.yaml. In addition, the structure of the new file is much simpler. Previously, with the configmaps.yaml you would edit and update a Kubernetes config map generator. You would update the literals which define the environment variables that will be made available to the SAS Logon Manager pod. Such a configmaps.yaml might have looked something like the following:

 

apiVersion: builtin
kind: ConfigMapGenerator
metadata:
  name: sas-kerberos-config
literals:
- JAVA_OPTION_KRB5_CONF=-Djava.security.krb5.conf=/opt/kerberos/krb5.conf
- JAVA_OPTION_KRB5_DEBUG=-Dsun.security.krb5.debug=false
- JAVA_OPTION_JGSS_DEBUG=-Dsun.security.jgss.debug=false
- SPRING_PROFILES_ACTIVE=ldap,postgresql,kerberos
- SAS_LOGON_KERBEROS_KEYTABLOCATION=file:///opt/kerberos/keytab
- SAS_LOGON_KERBEROS_DEBUG=true
- SAS_LOGON_KERBEROS_DISABLEDELEGATIONWARNING=true
- SAS_LOGON_KERBEROS_HOLDONTOGSSCONTEXT=false
- SAS_LOGON_KERBEROS_SERVICEPRINCIPAL={{ PRINCIPAL-NAME-IN-KEYTAB }} #change this to the principal name in the keytab
- SAS_LOGON_KERBEROS_SPN={{ SPN }} #change this to the SPN

 

Instead, with the latest releases of SAS Viya the configuration.env file looks like the following:

 

# This file defines the configuration settings for kerberos.

SAS_LOGON_KERBEROS_SERVICEPRINCIPAL={{ PRINCIPAL-NAME-IN-KEYTAB }}
SAS_LOGON_KERBEROS_SPN={{ SPN }}
# JAVA_OPTION_KRB5_DEBUG=-Dsun.security.krb5.debug={{ KRB5-DEBUG-ENABLED }}
# JAVA_OPTION_JGSS_DEBUG=-Dsun.security.jgss.debug={{ JGSS-DEBUG-ENABLED }}
# SAS_LOGON_KERBEROS_DEBUG={{ SPRING-SECURITY-KERBEROS-DEBUG-ENABLED }}
# SAS_LOGON_KERBEROS_DISABLEDELEGATIONWARNING={{ DISABLE-KERBEROS-DELEGATION-WARNING }}
# SAS_LOGON_KERBEROS_HOLDONTOGSSCONTEXT={{ ENABLE-KERBEROS-UNCONSTRAINED-DELEGATION }}

 

This is much easier to process and only includes the environment variables you might need to change. Anything that should not be changed is eliminated from the new style file.

 

If you want to explore this and other topics of authentication with SAS Viya the SAS Viya Authentication workshops in learn.sas.com have just been updated to SAS Viya LTS 2025.09. The courses available are:

 

 

 

Find more articles from SAS Global Enablement and Learning here.

0 Likes
Contributors
Version history
Last update:
‎12-03-2025 05:23 AM
Updated by:
SAS Employee

Catch up on SAS Innovate 2026

Nearly 200 sessions are now available on demand with the SAS Innovate Digital Pass.

Explore Now →

SAS AI and Machine Learning Courses

The rapid growth of AI technologies is driving an AI skills gap and demand for AI talent. Ready to grow your AI literacy? SAS offers free ways to get started for beginners, business leaders, and analytics professionals of all skill levels. Your future self will thank you.

Get started

Article Labels
Article Tags