Configuring Middle Tier Security Policies

The policies identified in the following table are configured with SAS Management Console. For more information, see Setting Global Properties for SAS Applications Using SAS Application Infrastructure Properties.
Middle Tier Security Policies
Policy Name
Default Value
Description
Check for metadata updates
Check on navigation
This is a deprecated property. Do not change the value unless you are directed to by SAS technical support.
Profile refresh interval
600000
This is a deprecated property. Do not change the value unless you are directed to by SAS technical support.
Allow client password storage
Yes
Indicates whether the site permits remote SAS clients to store user password credentials locally on the client. Many sites prohibit end-user clients from caching or persisting passwords for use in distributed applications.
Allow user log on from web logoff page
Yes
Determines whether to display a Log On button on the logoff successful page. Some sites, especially those that deploy walk-up kiosks, might want to ensure that their application users close the browser for added security.
Allow user logon from web timeout page
Yes
Determines whether to display a Log On button on the session timed out page. Some sites, especially those that deploy walk-up kiosks, might want to ensure that their application users close the browser for added security.
Display custom logon message
No
Determines whether to display a custom message or custom page on the standard logon page.
Display custom logoff message
No
Determines whether to display a custom message or custom page on the standard logoff successful page.
Display custom timeout message
No
Determines whether to display a custom message or custom page on the standard session timed out page.
Display logoff security message
Yes
Determines whether to display a security message on the logoff successful page. Some sites, especially those that deploy walk-up kiosks, might want to ensure that their application users close the browser for added security.
Display timeout security message
Yes
Determines whether to display a security message on the session timed out page. Some sites, especially those that deploy walk-up kiosks, might want to ensure that their application users close the browser for added security. For more information about time out values, see Configuring the HTTP Session Time-out Interval.
Display failed logon hints
No
Determines whether to display detailed messages on the failed logon page (for example, to indicate that the password was invalid). If this policy is set to No, the system-generated exceptions and errors are still displayed, such as if the system is quiesced or if the SAS Metadata Server is paused. If the value is No, the only message that is displayed for any user input failure is the invalid credentials message.
Enable autocomplete feature on logon page
No
Determines whether to use the autocomplete feature that is provided by the Web browser on the logon page.
Allow clients to keep service sessions alive
Yes
Determines whether desktop client applications keep middle tier resources alive. If set to No, then middle tier resources time out in a similar manner to Web applications. If set to Yes, then desktop client applications ping the server to keep the resources available.