Metacoda Plug-ins Tip: Removing an Unwanted Auth Domain and Logins

This tip details how to go about removing an unwanted Authentication Domain and all associated Login objects from SAS metadata. A need for this can arise when you have been temporarily (or accidentally/unnecessarily) added a second set of inbound logins for all of your SAS users and you decide you no longer need those extra logins (perhaps you are migrating between authentication mechanisms).

If you are using the Metacoda Identity Sync Plug-in then the first step is to edit the Identity Sync Profile (IDSP file) using the Identity Sync Profile Wizard and untick the checkbox that configures the 2nd login. If you don’t do this, then the auth domain, and all the logins, will simply be re-added next time you run a sync! You can see a sample screenshot of the wizard page where you can unconfigure the 2nd login below:

Metacoda Identity Sync Plug-in Wizard with unchecked Second Login

After updating, and saving, the Identity Sync Profile you are almost ready to remove the unwanted auth domain and associated logins. Before removing the metadata it is a good idea to do the following: Continue reading “Metacoda Plug-ins Tip: Removing an Unwanted Auth Domain and Logins”

Metacoda Plug-ins Tip: Locate Home Folder for a User

It is usually obvious where a SAS user’s metadata home folder (My Folder or private user folder) is – just look under /User Folders/ (or /Users/ in older SAS versions) for a folder with the user’s name. Sometimes, however, it can be a little trickier to locate: the user name may be cryptic or the user may have been added and deleted in metadata multiple times and you have folders with numeric suffixes i.e. name, name(1), name(2) etc.

To be confident, a user’s home folder can be found specified in metadata. As highlighted in the screenshot below, using the Metacoda User Reviewer, select the user, right click and select Advanced Properties from the context menu. In the Advanced Properties dialog, and the Associated Objects tab you should see the home folder listed in the row where the Association Name is AssociatedHomeFolder.

Metacoda User Reviewer Advanced Properties AssociatedHomeFolder

As a bonus tip, if you need to find home folders for users that are no longer present in metadata see Finding Private User Folders for Deleted SAS Platform Users

Did I add that CA Certificate to the SAS Trusted CA Bundle?

Sometimes I forget whether I’ve added our internal site root and intermediate CA certificates to the Trusted CA Bundle that SAS® Software applications use. Sometimes I also forget the command I can use to find out whether I did! 😉 As is often the case with my blog posts, by jotting things down here, I can find them again either by searching this blog, or more likely, by remembering I wrote it when I see it turn up in Google search results!

If you use site-signed certificates from your own internal CA in your SAS platform installations then you’re probably already familiar with adding them to the Trusted CA Bundle using the SAS Deployment Manager (see the Manage Certificates in the Trusted CA Bundle Using the SAS Deployment Manager section in the Encryption in SAS® 9.4 book for more info).

If you want to find out what CA certificates are already in that bundle you can use the Java keytool command like so:

/opt/sas94m5/sashome/SASPrivateJavaRuntimeEnvironment/9.4/jre/bin/keytool -list -keystore /opt/sas94m5/sashome/SASSecurityCertificateFramework/1.1/cacerts/trustedcerts.jks -storepass changeit

It generates a long list of CA certs, so I pipe it through grep to look for the ones I want:

/opt/sas94m5/sashome/SASPrivateJavaRuntimeEnvironment/9.4/jre/bin/keytool -list -keystore /opt/sas94m5/sashome/SASSecurityCertificateFramework/1.1/cacerts/trustedcerts.jks -storepass changeit | grep -i metacoda

If you want more details on the certificates you can Continue reading “Did I add that CA Certificate to the SAS Trusted CA Bundle?”