 |
|
| Authentication Tasks |
About the Workspace Server's Options Tab
The following figure depicts the Options tab for a logical workspace server
![[icon]](images/small-logserver.gif)
.
The Options Tab for a Logical Workspace Server
![[The Options Tab for a Logical Workspace Server]](images/optstab.gif)
Here are some additional details about this tab:
-
Because these settings are in the metadata, they can affect only metadata-aware connections.
-
The Host with Username/Password setting can cause SAS Enterprise Guide and the SAS Add-In for Microsoft Office to silently store user passwords in metadata. The storage occurs only if the workspace server is in its own authentication domain (for example, ServerAuth) and users interactively provide credentials when they access that server. If both of these circumstances apply to your deployment, consider selecting Prompt instead of Host with Username/Password.
-
The Host with Username/Password setting doesn't eliminate prompting for credentials. With this setting, all desktop applications prompt users to interactively supply credentials in any circumstance where credentials are needed and are not otherwise available.
-
The Prompt setting is the same as the Host with Username/Password setting, except that it has the following additional effects in SAS Enterprise Guide and the SAS Add-In for Microsoft Office:
-
prevents silent storage of user passwords in metadata
-
increases interactive prompts for user credentials, preventing single sign-on from those applications to the workspace server
-
-
If a workspace server is converted to client-side pooling, this tab is disabled and might not accurately depict settings that apply if the server is accessed as a standard workspace server. To avoid confusion, don't use the same workspace server for both client-side pooling and standard use. Instead, if you choose to set up client-side pooling, use a dedicated workspace server (inside a separate application server).
-
Configuring a workspace server to use SAS token authentication can be useful in a multi-host environment. See Mixed Providers.
-
Don't turn off enforcement of the requirement for ReadMetadata permission. This setting is provided only in case a site needs it for backwards compatibility.
-
Choosing one of the Integrated Windows authentication (IWA) packages doesn't guarantee that IWA will always be used and doesn't turn off credential-based host authentication. For example:
-
Users who don't choose IWA in their client-side connection profiles don't use IWA. The client-side profile setting affects whether the initial connection to the metadata server uses IWA. In a session in which that initial connection doesn't use IWA, IWA can't be used to launch a workspace server.
-
If a user's stored login includes a password for the workspace server's authentication domain, those credentials are added to the user's context and credential-based host authentication occurs, even if IWA is chosen by both server and client.
Note: This information is provided to assist in troubleshooting when you expect IWA to occur but it does not. In most cases, a user's login doesn't have to include a password. When you view a user's logins (on the Accounts tab of his or her user definition), the password field always displays eight asterisks, regardless of whether a password is stored.
![[cautionend]](../../../../common/63294/HTML/default/images/cautend.gif)
-
-
Changes that you make on this tab take effect after you refresh the object spawner.
See Also
|
|
Copyright © 2011 by SAS Institute Inc., Cary, NC, USA. All rights reserved.