Your SAS programs, embedded in web apps and elsewhere

Bypass STP Login Screen Using Hard-Coded Credentials

Accepted Solution Solved
Reply
New Contributor
Posts: 4
Accepted Solution

Bypass STP Login Screen Using Hard-Coded Credentials

Is there a way to hard-code _username and _password macro variables in a stored process to be passed as login credentials when executed from SAS Stored Process Web?

 

For testing purposes I'm trying to execute my stored process from a link like this, and to have the hard-coded credentials in the program do the authentication:

http://server-name.com:8080/SASStoredProcess/do?_program=/path/to/program

 

I've spent a lot of time researching and I've seen how input parameters can be specified in the URL, so I'm not looking for that. I am wondering if the program code itself can do the authentication.


Accepted Solutions
Solution
‎05-01-2017 02:01 PM
Frequent Contributor
Posts: 91

Re: Bypass STP Login Screen Using Hard-Coded Credentials

Hi,

 

This is not possible. Your client browser must make a POST request with the user/pass to the /SASLogon app in order to retrieve a session ID to make the SASStoredProcess web app happy to talk to it. The SPWA doesn't / can't deal with auth stuff directly.

 

If this is a requirement you should seriously consider Configuring anonymous access for the SAS® Stored Process Web Application, and then limiting the STPs the anonymous users are able to execute by restricting the webanon@saspw metadata user.

 

Nik

View solution in original post


All Replies
Super User
Posts: 6,928

Re: Bypass STP Login Screen Using Hard-Coded Credentials

You need to specify credentials in the URL so the webapp can access the metadata. Only after that can the program be found and started.

---------------------------------------------------------------------------------------------
Maxims of Maximally Efficient SAS Programmers
Solution
‎05-01-2017 02:01 PM
Frequent Contributor
Posts: 91

Re: Bypass STP Login Screen Using Hard-Coded Credentials

Hi,

 

This is not possible. Your client browser must make a POST request with the user/pass to the /SASLogon app in order to retrieve a session ID to make the SASStoredProcess web app happy to talk to it. The SPWA doesn't / can't deal with auth stuff directly.

 

If this is a requirement you should seriously consider Configuring anonymous access for the SAS® Stored Process Web Application, and then limiting the STPs the anonymous users are able to execute by restricting the webanon@saspw metadata user.

 

Nik

☑ This topic is SOLVED.

Need further help from the community? Please ask a new question.

Discussion stats
  • 2 replies
  • 197 views
  • 2 likes
  • 3 in conversation