I’ve just finished a challenging but very rewarding experience configuring a SAS 9.4 M2 platform on Linux to use Integrated Windows Authentication (IWA), for both server and mid-tiers ….. without using Quest Authentication Services.
The SAS platform has supported IWA on Linux since SAS 9.3 but until recently has only supported it when you “purchase, install, and configure an additional third-party product (Quest Authentication Services 4.0)”.
I’ve been wanted to do a SAS + Linux + IWA config for a while but had put it off because of the Quest requirement. What brought it back to the front of my mind was talking to someone recently about implementing IWA for a SAS Visual Analytics installation on Linux. They wanted to provide seamless login via IWA for most users, but also provide form-based logins for people who couldn’t use IWA.
I remembered seeing this section from the What’s New in SAS 9.4 (SAS 9.4 Intelligence Platform):
In the second maintenance release for SAS 9.4, Integrated Windows Authentication on Linux systems no longer requires the use of Quest Authentication Services. SAS can leverage the libraries that are shipped with the supported operating system or that are provided in most third-party authentication solutions.
It sounded like SAS 9.4 M2 would allow me to build such a config, without using Quest, and use the standard Linux libgssapi_krb5 package instead. At the same time I also remembered reading a great SAS Global Forum paper by Zhiyong Li on mid-tier fallback authentication: this is where you can configure the SAS mid-tier to fallback to form-based authentication in situations where IWA is not available or has been disabled (like you might do when you want to login using a different second identity). These both sounded like great challenges [ and fun :) ], so I set about confirming my understanding of these possibilities with SAS 9.4 M2 by doing both at the same time.
After a few days of research, implementation, testing and debugging, I finalized the config last night. I got quite a buzz out of some of the mind-bending troubleshooting sessions and it was a very rewarding outcome. Other than a few relatively minor issues to resolve, it is all working very well now.
If I get some time I’ll try to write up a few blog posts with more detail on the steps, issues, troubleshooting techniques and resolutions. In the meantime here’s an outline of the approach I took:
Continue reading “IWA with SAS 9.4 M2 on Linux”