cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
0 Likes

Allow Flexible UPN Naming in SAS Viya Kerberos-Delegation Scenarios

Status: New Suggestion Submitted by Fluorite | Level 6 on ‎01-11-2023 07:46 AM
2 Comments (2 New)

SAS Viya currently allows an AD UPN to not be the same name as an SPN in scenarios where a user only IWA's into Viya Login via Kerberos, but not in cases where the Kerberos credentials then need to be delegated downstream to SQLSvr/Hadoop/etc via SAS/ACCESS products.  Some of our clients have internal IT naming-requirements for their UPNs which do not match the HTTP/xxxxxxxxx naming requirements for an SPN. 

 

I'd like to request that Viya support the UPN name being different from the SPN, in scenarios where the Kerberos credentials will be delegated downstream. 

 

Many thanks!

See more ideas labeled with:
2 Comments
rhmthomson1
SAS Employee
SAS Employee
‎06-21-2024 04:24 AM
‎06-21-2024 04:24 AM
Status changed to: Suggestion Under Review

As product manager for SAS/Access I will review this with my development team, and respond accordingly, and potentialy ask some additional questions.

0 Likes
rhmthomson1
SAS Employee
SAS Employee
‎08-13-2024 05:28 AM
‎08-13-2024 05:28 AM
Status changed to: New Suggestion

Having spoken to our Engineers they believe what you are requesting is non-standard, which could require special coding to support.

 

Are you able to  provide independant documentation as to why this configuration is preferable and more secure? We can then consider this further

0 Likes