Hi @umashankersaini    Since yesterday we get this exact same error for a job that has run without problems for a long time. Did you find an answer to your question?   Regards, Bart Heinsius ... View more

Hi @StuartRogers,   Thanks I updated the rule.   I still received prompts for credentials in my browser within SAS VA, when switching between the VA apps, like from hub to designer. I asked SAS and the reason seams to be that switching always goes through SASLogon and there the /fb/ is not in the URL and also cannot be inserted. So the prompts appear again.   SAS said the browser sends the request to the SAS Server. The SAS Server replies with 401 and header WWW-Authenticate: Negotiate. For a browser within the same domain, and the right security settings, it means start Kerberos ticket exchange, and SSO will work as planned. However when a user is outside a domain, the browser does not allow Kerberos. It will try NTLM, and that is why the prompt shows up.   SAS suggested a workaround, to add the following lines to sas.conf that take out the WWW-Authenticate:negotiate from the HTTP header for certain IP ranges where you know that SSO will not work, so it will not be attempted:   <IfModule setenvif_module> SetEnvIf Remote_Addr (192.168.240.*) IS_customerx Header unset WWW-Authenticate env=IS_customerx </IfModule> And that works.   Note that sas.conf is regenerated when (re)deploying the webapps, for instance after hotfix installation, so this change would need to be redone after (re)deploying them. ... View more

I found that this does not work for direct links to reports, like:   https://example.com/SASVisualAnalyticsViewer/VisualAnalyticsViewer.jsp?reportName=MyFirstReport&reportPath=/Shared Data/Reports/&type=Report.BI&section=vi1&appSwitcherDisabled=true&reportViewOnly=true&propertiesEnabled=false&commentsEnabled=false   The Rewrite Rule rewrites the URL to: https://example.com/SASLogon/login?service=https%3A%2F%2Fexample.com%3A443%2FSASVisualAnalyticsViewer%2fVisualAnalyticsViewer%2ejsp%2Fj_spring_cas_security_check&fallback=true   Apart from the parameters that are not being passed, the callback is https://example.com:443/SASVisualAnalyticsViewer/VisualAnalyticsViewer.jsp/j_spring_cas_security_check which does not exist and so gives a HTTP Status 404 – Not Found   Is there a solution for this?   ... View more

The RewriteRule works great except when the URL has a trailing slash, like https://example.com:8343/fb/SASStoredProcess/ The rule then translates the trailing / to // causing an error.   I added a RewriteRule for a URL that has a trailing slash, to run before the original rule:   RewriteRule "^/fb/(.*)/$" "https://%{SERVER_NAME}:%{SERVER_PORT}/SASLogon/login?service\=https\%3A\%2F\%2F%{SERVER_NAME}\%3A%{SERVER_PORT}\%2F$1\%2Fj_spring_cas_security_check&fallback=true" [B,NE,NC,R,L] RewriteRule "^/fb/(.*)" "https://%{SERVER_NAME}:%{SERVER_PORT}/SASLogon/login?service\=https\%3A\%2F\%2F%{SERVER_NAME}\%3A%{SERVER_PORT}\%2F$1\%2Fj_spring_cas_security_check&fallback=true" [B,NE,NC,R,L] it works better now for me. ... View more

Hi @JuanS_OCS   Thanks for your suggestions. I had tried/investigated all you suggest but it did not help.   As a last resort I rebooted all tiers (meta/compute/web) and that solved the problem. The problem may have been caused by an incorrect startup order of the tiers after scheduled maintenance (Windows), as we have not set that up yet.   Regards, Bart ... View more