Copyright © 2005, SAS Institute Inc. All rights reserved.
User Authentication and Single Sign-on Across the SAS®9 Platform
Larry Noe and Scott Sweetland, Mid-tier and Platform Integration R&D
Scene from a Spy Thriller Movie…
Scene from a Spy Thriller Movie…
User authentication
Request for a resource
Location and credentials for resource
User accesses resource
User Authentication and Single Sign-on
Multi-domain Customer Environments
Web Servers
Application Servers
Database Servers
SAS 9 Design Goals
Integrate the Platform through Metadata
Infrastructure
Information resources
Business intelligence
Security framework
SAS 9 Security Framework
Metadata Server provides
Central location for user authentication
Identity Management
Credential Management
Single Sign-On Access
Web Servers
Compute Servers
Database Servers
Handout: Resources of Interest
Schedule of related SAS Presents
Demo area for Security: Area 17
SAS web resources
Question and Answer format – tight for time so please bring your questions to us at the Security demo area
From Concepts to Implementation
How applications use the Metadata server for User Authentication.
Credential management to support single sign-on.
Case Studies
What is a Metadata Server?
Secure access to your Enterprise business and technical information
What is modeled in Metadata?
• Configuration
• Physical Locations
• Business Intelligence
• Delivery
• User identities
Metadata Server Authenticates Connecting Clients
Verifying user ‘is who they claim to be’
Typical authentication providers:
• Host Operating System
• Directory Servers
• User ID and password databases
SAS 9 Metadata server supports:
• Host OS Authentication
• LDAP
• Microsoft Active Directory
Authenticating SAS 9 Application Users
User
User Logs On: User ID & Password
Application
Metadata Server
Authenticating SAS 9 Application Users
User
Application connects to Metadata Server using credentials
Application
Metadata Server
Authenticating SAS 9 Application Users
User
Metadata Server authenticates User with Host OS
Host Authentication
Application
Metadata Server
Authenticating SAS 9 Application Users
User
Successful connection authenticates application user
Application
Metadata Server
Identity Management in Metadata
User and Group metadata objects
SAS Management Console User Manager
Benefits of Identities in Metadata:
Role-based Security
Personalization
Shared user context between cooperating applications
Managing Identity Metadata with the SAS Management Console User Manager
Establishing Identity at the Metadata Server
Login object represents authentication credential
Associated with user identities
User ID must be unique for each user identity
User: Fred Smith
User ID | Password | Authentication Domain
Frsmith | secret | windomain
Frsmith | secret | unixhost1
Logins and Authentication Domains
Windows domain: windomain
SAS MC User Manager
Fred Smith
Using Login Objects to Establish Identity
windomain\Frsmith + PW
Application
Metadata Server
Host Authentication
Host authenticates
User ID
Fred Smith
Using Login objects to establish identity
Application Metadata Server
Users & Groups
Logins are searched for a match to authenticated User ID
windomain\Frsmith
Fred Smith
Metadata identity established
Metadata Server
User ID matches Login
windomain\Frsmith
Using Login objects to establish identity
Authenticated identity returned to application
Application
Metadata Server
Fred Smith
Fred Smith
SAS Workspace Servers
Database Servers
Credential Management for Single Sign-On
Login Objects Provide Single Sign-On Credentials
Application users request resources from servers
Acquire credentials without prompting
User logins can provide credentials
Applications match credentials to server by Authentication Domain of the server.
User ID | Password | Authentication Domain
Providing a User with Logins
UNIX
zOS
Windows Domain
User Login Objects in Metadata
User ID | Password | Authentication Domain
Unixusr | Secret | Unix
Winuser | Secret | windomain
ZosUser | Secret | zOS
Single Sign-on and Credentials in Metadata
User
User selects a SAS Table to view.
Application
User Identity
SAS Table
Single Sign On and Credentials in Metadata
User
Application queries metadata: SAS library, Workspace server, and Authentication Domain for Server.
Application
Metadata Server
Workspace Server
User Identity
Table
Auth Domain: windomain
Single Sign On and Credentials in Metadata
User
Application checks User’s logins for match with server’s Auth Domain: windomain
Application Metadata Server
?
User Identity
User’s Logins
Unixusr | Secret | Unix
Winuser | Secret | windomain
ZosUser | Secret | zOS
Single Sign On and Credentials in Metadata
User
Login matching Auth Domain: windomain is found.
Application
Metadata Server
Workspace Server
Auth Domain: windomain
Login
Table
Winuser | Secret | windomain
Single Sign On and Credentials in Metadata
User
This logon credential is used for server connection.
Application
Workspace Server
Auth Domain: windomain
Table
Winuser | Secret | windomain
Single Sign On and Credentials in Metadata
User
User views Table.
Application
Table
Table
Minimizing Credentials in Metadata
UNIX
zOS
Windows
Login Objects in Metadata
User ID | Password | Authentication Domain
Unixusr | Secret | Unix
Winuser | Secret | Windomain
ZosUser | Secret | zOS
Reducing the presence of credentials in Metadata.
Strategies
Caching Log-on credentials at the application
Works when cached credentials are valid for the servers the User needs to use.
Group logins
Application checks for a single sign-on credential in this pattern:
Does User have a login that matches the auth domain?
Is User a member of a Group with a matching login?
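
The lookup pattern above (the user's own logins first, then group logins), together with the earlier step of matching an authenticated user ID against login objects, modeled in Python. This is an added example, not SAS code: the class and function names, the `DB2 Users` group, the `db2shared` account, the placeholder passwords and the rule for completing a password-less login from the cached log-on credential are assumptions; `sugi30023\sasdemo`, `DefaultAuth` and `DB2Auth` are the names used in the case-study slides.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Login:
    user_id: str
    password: Optional[str]  # None: login stored in metadata without a password
    auth_domain: str


@dataclass
class Identity:
    name: str
    logins: list = field(default_factory=list)
    groups: list = field(default_factory=list)  # groups this user is a member of


def find_identity(users, authenticated_user_id):
    """Inbound: map a host-authenticated user ID to exactly one user identity."""
    owners = [u for u in users
              if any(l.user_id == authenticated_user_id for l in u.logins)]
    if len(owners) > 1:
        # A user ID shared by two identities makes the caller's identity ambiguous.
        raise ValueError(f"{authenticated_user_id!r} is registered to several identities")
    return owners[0] if owners else None


def resolve_credential(user, server_domain, cached=None):
    """Outbound: choose (user_id, password, source) for a server's auth domain.

    cached is the (user_id, password) pair the user typed at log-on, or None.
    Returns None when nothing matches and the application has to prompt.
    """
    def usable(login, source):
        if login.auth_domain != server_domain:
            return None
        if login.password is not None:
            return (login.user_id, login.password, source)
        # Assumption: a password-less login is completed from the cache
        # only when it names the same account the user logged on with.
        if cached and cached[0] == login.user_id:
            return (login.user_id, cached[1], "cached")
        return None

    for login in user.logins:                 # 1. the user's own logins
        hit = usable(login, "user")
        if hit:
            return hit
    for group in user.groups:                 # 2. logins of the user's groups
        for login in group.logins:
            hit = usable(login, "group:" + group.name)
            if hit:
                return hit
    return None


# Constructed sample metadata; the passwords are placeholders.
DB2_GROUP = Identity("DB2 Users", [Login("db2shared", "<group-db2-pw>", "DB2Auth")])
SASDEMO = Identity("SAS Demo User",
                   [Login(r"sugi30023\sasdemo", None, "DefaultAuth")],
                   [DB2_GROUP])
USERS = [SASDEMO]
CACHED = (r"sugi30023\sasdemo", "<log-on-pw>")


def demo():
    """Resolve credentials for three server domains for the logged-on user."""
    who = find_identity(USERS, CACHED[0])
    return {d: resolve_credential(who, d, CACHED)
            for d in ("DefaultAuth", "DB2Auth", "zOS")}


if __name__ == "__main__":
    for domain, cred in demo().items():
        # Print the account and where it came from, never the password.
        print(domain, "->", (cred[0], cred[2]) if cred else "no credential: prompt")
```

Recording the `source` value is useful for audit: a `group:` result means the target server sees the shared account rather than the individual user.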
Case Study One: Information Map Studio
Testing an information map that is based on a SAS dataset accessed through a SAS 9 Workspace Server
Strategies to reduce credentials stored in metadata repository:
• Caching of log on credentials by the application
Information Maps
User-friendly metadata definitions of physical data sources
Enable your business users to query data with meaningful names
User presentation meets specific business needs
Created in Information Map Studio
Map
User Groups and BI Workflow
ETL team builds data warehouse, mart, etc.
Information Architect determines business needs for accessing data and builds Information Maps with Information Map Studio
BI Analysts use Information Maps in Web Report Studio to build web-based reports
Business Users review reports for decision support
Server Topology and Authentication Domains
Windows
Network
Domain
Metadata Server
SAS 9 Workspace Server
Authentication Domain: DefaultAuth
Information Map Studio
Testing an Information Map
Map
Case Study One: Information Map Studio
Information Map Studio user
Credential Caching!
Case Study One: Information Map Studio
Metadata Server
sugi30023\sasdemo + pw
Credentials sent to the metadata server for authentication
Metadata server host authenticates the connecting client
Metadata Repository
Metadata server searches for sugi30023\sasdemo in all login objects
Host Authentication
Your Identity
The library “stuff” contains the table “class” which is defined in the server context “SASMain”
SASMain workspace server is registered in the DefaultAuth authentication domain.
Logins for sasdemo User
One login is registered in the DefaultAuth authentication domain, but it has no password…
Single Sign-on to Workspace Server
Information Map Studio
“Run Test”
sugi30023\sasdemo + pw
Cached credentials sent to the Object Spawner for host authentication
Object Spawner
Workspace server launched as sugi30023\sasdemo
Workspace server runs generated code, performs query and returns results
Table
Workspace Server
Case Study Two: Information Map Studio
Testing an information map that is based on a table in a DB2 database server accessed through a SAS 9 Workspace Server
Strategies to reduce credentials stored in metadata repository:
• Caching of login credentials by the application
• Group login for DB2 server
Server Topology and Authentication Domains
z/OS
Windows
Network
Domain
Metadata Server
IBM DB2®
Database
Auth Domain: DefaultAuth
Auth Domain: DB2Auth
Information Map Studio
Map
Workspace Server
Case Study Two: Information Map Studio
Logins for sasdemo User
One login is registered and it is in the DefaultAuth authentication domain
Logins for sasdemo User
Personal login for DB2 associated with the SAS Demo User
Single Sign-on to Workspace Server
Information Map Studio
“Run Test”
sugi30023\sasdemo + pw
Object Spawner
Workspace Server
DB2 Server
SAS code connects to DB2 using DB2 credentials
Workspace server runs generated code, performs query and returns results
Additional Case Studies
Information map built against an OLAP cube
Web Report Studio using information maps generated in previous case studies
Web Report Studio configured for web authentication
Web Report Studio using pooled workspace servers
Metadata Server configured with an alternate authentication provider
Concepts in our case studies
SAS 9 applications use the Metadata server for User authentication.
Credentials are managed in Metadata to support single sign-on.
Strategies to reduce credential storage in Metadata
Credential Caching
Group Logins