07-20-2012 02:44 PM
I'm not a security expert and don't know exactly what you're after, but I'll throw some facts at the question:
If you need to go deeper on this, I suggest you contact SAS Technical Support.
07-21-2012 08:20 AM
thanks for your response.
I'm sorry, I should have been more specific.
SAS uses afaik a username and a password to verify/identify users in a hostbased approach (e.g. UNIX users).
UNIX users can have a openssl public key in e.g. .ssh/authorized_keys to login passwordless. They store a private key in a client like ssh client.
Is it possible to use these openssl keys of UNIX user accounts for a passwordless single-sign-on with SAS EG?
Thanks in advance!
07-21-2012 11:03 AM
You can use EG in a "single-signon" environment with UNIX systems by configuring "integrated Windows authentication" (IWA) and Kerberos. See this doc:
Also see the series of excellent posts by Paul Homes at:
04-08-2014 08:21 AM
I have created a .NET webservice using SAS IOM 9.2. Currently I am able to connect to SAS by specfying the USERNAME and PASSWORD , but I wanted to know if webservices can have passwordless authentication to establish connection like, public key and private key auth.
Thanks in advance.
04-08-2014 08:35 AM
If you've built a .NET webservice using ASP.NET technology, you can probably use the native facilities in the framework for that (I'm not that familiar with the options). If you want the SAS Metadata Server to help authenticate you, then you need to stick to the "single signon" options that are documented in the SAS Intelligence Platform doc. Here's a reference for SAS 9.2:
04-09-2014 02:18 AM
@emsmpa. Your logical requirements are not clear, please describe them.
For the major approach Eguide Metadataserver Objectspawner etc. is not making any use of SSH actually SAS is replacing that by their own approach.
Passwordless SSH is known at SAS, They are using it with a clustered SAS-VA environment to fulfill synchronization of the OS-layer for several accounts that can be high priviledged or having a dedicated role as data-administrator. The high-level security awareness of SAS is not aligned to common used approaches. SSH is one of those, SSH does everal things.
- If you need encryption over the wire the SAS replacement is coming with SAS/Secure.
- If you need to eliminate passwords as common requirement with high priviledged accoutns there is challenge. SAS is putting every users/passwords in files/databases.
As you are using Unix you could try to replace the involved scripts using sudo.
- Eguide is not really positioned for automated usage as it main usage is interactive.
It has the option to have let stored the password (hashed) in the user-profile environment. That is close to the ssh public key approach.
It has the option to have stored external connection user/passwords in a local file (credentials.xml) 30917 - Scheduling projects in SAS® Enterprise Guide® this option only is applicable when doing scheduling. For normal users you will close down this option as scheduling is focussed to be done central. Never now if you want to use this in your situation.
@sagarthalwar. Building a .Net application is not building a WEB application, they are different. When you build something that way you are building a Eguide verion on your own, Eguide is a .Net application. There are functions within Windows to get the credentials. Chris give that hint and it could become tricky Five strategies to eliminate passwords from your SAS programs - The SAS Dummy. When you are needing encryption over the wire or a automatic login you could solve that in the same way Eguide does.