This tip details how to go about removing an unwanted Authentication Domain and all associated Login objects from SAS metadata. A need for this can arise when you have been temporarily (or accidentally/unnecessarily) added a second set of inbound logins for all of your SAS users and you decide you no longer need those extra logins (perhaps you are migrating between authentication mechanisms).
If you are using the Metacoda Identity Sync Plug-in then the first step is to edit the Identity Sync Profile (IDSP file) using the Identity Sync Profile Wizard and untick the checkbox that configures the 2nd login. If you don’t do this, then the auth domain, and all the logins, will simply be re-added next time you run a sync! You can see a sample screenshot of the wizard page where you can unconfigure the 2nd login below:
After updating, and saving, the Identity Sync Profile you are almost ready to remove the unwanted auth domain and associated logins. Before removing the metadata it is a good idea to do the following: Continue reading “Metacoda Plug-ins Tip: Removing an Unwanted Auth Domain and Logins”
It is usually obvious where a SAS user’s metadata home folder (My Folder or private user folder) is – just look under /User Folders/ (or /Users/ in older SAS versions) for a folder with the user’s name. Sometimes, however, it can be a little trickier to locate: the user name may be cryptic or the user may have been added and deleted in metadata multiple times and you have folders with numeric suffixes i.e. name, name(1), name(2) etc.
To be confident, a user’s home folder can be found specified in metadata. As highlighted in the screenshot below, using the Metacoda User Reviewer, select the user, right click and select Advanced Properties from the context menu. In the Advanced Properties dialog, and the Associated Objects tab you should see the home folder listed in the row where the Association Name is AssociatedHomeFolder.
As a bonus tip, if you need to find home folders for users that are no longer present in metadata see Finding Private User Folders for Deleted SAS Platform Users
Sometimes I forget whether I’ve added our internal site root and intermediate CA certificates to the Trusted CA Bundle that SAS® Software applications use. Sometimes I also forget the command I can use to find out whether I did! ;) As is often the case with my blog posts, by jotting things down here, I can find them again either by searching this blog, or more likely, by remembering I wrote it when I see it turn up in Google search results!
If you use site-signed certificates from your own internal CA in your SAS platform installations then you’re probably already familiar with adding them to the Trusted CA Bundle using the SAS Deployment Manager (see the Manage Certificates in the Trusted CA Bundle Using the SAS Deployment Manager section in the Encryption in SAS® 9.4 book for more info).
If you want to find out what CA certificates are already in that bundle you can use the Java keytool command like so:
/opt/sas94m5/sashome/SASPrivateJavaRuntimeEnvironment/9.4/jre/bin/keytool -list -keystore /opt/sas94m5/sashome/SASSecurityCertificateFramework/1.1/cacerts/trustedcerts.jks -storepass changeit
It generates a long list of CA certs, so I pipe it through grep to look for the ones I want:
/opt/sas94m5/sashome/SASPrivateJavaRuntimeEnvironment/9.4/jre/bin/keytool -list -keystore /opt/sas94m5/sashome/SASSecurityCertificateFramework/1.1/cacerts/trustedcerts.jks -storepass changeit | grep -i metacoda
If you want more details on the certificates you can Continue reading “Did I add that CA Certificate to the SAS Trusted CA Bundle?”
A few days ago I installed SAS Management Console 9.4 M4 and Metacoda Plug-ins 6.0 R4 on a Microsoft Surface Pro running Windows 10. After launching SAS Management Console, and logging in, it looked very odd. All of the icons and text were very close together and the text was hard to read. Here’s a screenshot (the images on this page are automatically resized to fit in the column, but I have kept them at their original resolution so you can click on them if you want to see them full size for comparison) …
This Surface Pro machine has a HiDPI display with a resolution of 2736×1824 and is scaled by default in Windows 10 at 200%. I assumed that Continue reading “SAS Management Console on HiDPI Windows 10”
As someone who specialises in SAS® metadata security, I spend a lot of time using the Authorization tab in SAS Management Console. I also use Linux a great deal. When I run SAS Management Console on Linux, I’ve noticed that the check box background colours on the Authorization tab don’t render correctly (for me at least). I only ever see white background check boxes when I expect to also see green and gray ones: green indicating an ACT; white indicating an ACE; and gray indicating indirect. These colours are important indicators for the source of access controls so not being able to see them is a problem!
It occurred to me that I might be able to resolve this by specifying a Java System Property in the sasmc.ini file to change the Java Look & Feel.
I first tried changing the default look & feel (using ‑Dswing.defaultlaf) but that didn’t work. What did work is changing the default system look & feel (with ‑Dswing.systemlaf). Continue reading “Java Look & Feel with SAS Management Console on Linux”